From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4) Gecko/20030624 Netscape/7.1

Description of problem:
The krb5-1.2.7-krsh-deadlock2.patch introducted in krb5-1.2.7-39 on Red Hat EL3.0 creates a bug which potentially causes an incoming encrypted rdist to hang and timeout.  This bug also exists in some or all EL4.0 krb5-workstation packages; however, I do not have the resources available to track down which specific versions.

Version-Release number of selected component (if applicable):
krb5-1.2.7-39 and newer

How reproducible:
Always

Steps to Reproduce:
0. Turn off any firewall rules on both hosts, as rdist requires a random high return TCP port, but isn't stateful with respect to kshd/kshell.

1. On source system, create an rdist file which containas a "special" line.  Here is a sample "distfile":

HOSTS=(root.com)
FILES = (/etc/syslog.conf)
${FILES} -> ${HOSTS}
        install /tmp/. ;
        special "echo 'hello world' >> /tnp/syslog.conf";

2. On the target system (targethost.redhat.com in this case), enable 'kshell' in xinetd.d.

3. On the source system, use a kerberized rdist client, such as the MIT krdist.  Run 'krdist -f distfile'.  The krdist will hang and eventually timeout.  If you comment out the "special" line, it will work.  Note that it will always work on repeated attempts once /tmp/syslog.conf gets written (as krdist won't send a file if it's unchanged), so make sure you delete it on the target system if it appears.

Actual Results:  krdist hangs.  On the target system, a temporary rdist file (/tmp/rdistXXXXX) appears with the data that should be written out to the final file (/tmp/syslog.conf), isn't.

Expected Results:  krdist should complete almost immediately.

Additional info:

This problem started with krb5-workstation-1.2.7-39.  There is only one patch in -39, so there is *something* wrong with that patch.