+++ This bug was initially created as a clone of Bug #180671 +++

Description of problem:

The krb5 client library returns an unexpected error when a lookup fails:

$ ./ldap_krb5
DEBUG realm REDHAT.COM
DEBUG in_tkt: krbtgt/REDHAT.COM
CRIT lookup(ldap): krb5_get_init_creds_keytab failed with Cannot find KDC for requested realm.

When adding the following to the krb5.conf, the error message changes:

master_kdc = kerberos.corp.redhat.com

The error returned is now this:

$ ./ldap_krb5
DEBUG realm REDHAT.COM
DEBUG in_tkt: krbtgt/REDHAT.COM
CRIT lookup(ldap): krb5_get_init_creds_keytab failed with Client not found in Kerberos database.

Version-Release number of selected component (if applicable):

krb5-devel-1.3.4-9

How reproducible:

100%

Steps to Reproduce:

Install the following krb5.conf:

[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 default_realm = REDHAT.COM
 dns_lookup_realm = false
 dns_lookup_kdc = false

[realms]
 EXAMPLE.COM = {
  kdc = kerberos.example.com:88
  admin_server = kerberos.example.com:749
  default_domain = example.com
 }

 REDHAT.COM = {
  kdc = kerberos.boston.redhat.com:88
  admin_server = kerberos.corp.redhat.com:749
 }

[domain_realm]
 .example.com = EXAMPLE.COM
 example.com = EXAMPLE.COM
 .redhat.com = REDHAT.COM
 redhat.com = REDHAT.COM

[kdc]
 profile = /var/kerberos/krb5kdc/kdc.conf

[appdefaults]
 pam = {
  debug = false
  ticket_lifetime = 36000
  renew_lifetime = 36000
  forwardable = true
  krb4_convert = false
 }

Then, try to look up a principal that doesn't exist, such as host/segfault.boston.redhat.com. This can be reproduced by issuing the following command on segfault:

$ kinit -k

If the following is specified in the krb5.conf, then the "correct" error is returned:

master_kdc = kerberos.corp.redhat.com

$ kinit -k
kinit(v5): Client not found in Kerberos database while getting initial credentials

Looks like I can't reproduce this on Raw Hide, after all.