From Bugzilla Helper: User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0) kinit will dump core if used against a user without a DES key in a Win2K realm. If an NT4 domain is upgraded to a Win2K one, users will not have a DES key until the first password change. MIT Kerberos does not do the NT4-compatible encryption types - that's fine, but a core dump is a problem, since anything linked to the Kerberos libraries (such as the pam_krb5 module) will also dump core rather than failing. Specifically for us, we're performing SMTP auth using Exim's PAM support and the pam_krb5 module - an MTA dumping core is bad. Reproducible: Always Steps to Reproduce: 1. kinit <username who has NOT changed password since NT4 days> 2. Actual Results: Error message "Segmentation fault (core dumped)" 3. Compile krb5-1.2.2 (now available from MIT) 4. kinit <username who has NOT changed password since NT4 days> 5. Prompt: "Password for username@REALM:" 6. Supply password 7. Error message "kinit(v5): KDC has no support for encryption type while getting initial credentials" The latter is an "optimal failure" Actual Results: Error message "Segmentation fault (core dumped)" Expected Results: Error message "kinit(v5): KDC has no support for encryption type while getting initial credentials" The recent release of krb5-1.2.2 fixes this bug. I would like RedHat to ship an RPM update down the pipe. (I want, I want.. :o)
We'll be pushing out a 1.2.2-4 errata for 7.0 soonish. Thanks!