This service will be undergoing maintenance at 00:00 UTC, 2016-09-28. It is expected to last about 1 hours
Bug 430029 - ipa-kpasswd segfaults
ipa-kpasswd segfaults
Status: CLOSED ERRATA
Product: freeIPA
Classification: Community
Component: ipa-server (Show other bugs)
1.0
All Linux
high Severity high
: ---
: ---
Assigned To: Simo Sorce
Chandrasekar Kannan
:
Depends On:
Blocks: freeipa10 429034
  Show dependency treegraph
 
Reported: 2008-01-24 02:10 EST by Chandrasekar Kannan
Modified: 2012-03-27 03:17 EDT (History)
5 users (show)

See Also:
Fixed In Version: freeipa-2.0.0-1.fc15
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Chandrasekar Kannan 2008-01-24 02:10:26 EST
Ticket #146 (new defect)

Opened 2 months ago

Last modified 2 months ago
ipa-kpasswd segfaults
Reported by: 	kmacmill 	Assigned to: 	simo
Priority: 	major 	Milestone: 	release-1
Component: 	ipa-server 	Version: 	
Keywords: 		Cc: 	
Description ¶

On Wed, 2007-12-05 at 20:43 +1000, David O'Brien wrote: This is probably mainly for simo, and is just extra info for the kpasswd

    segfault issue we talked about last night. I reinstalled ipa-server from /FC7/i386/2007-12-04_15_09-build/dist and ran the config script. Attached is the output from what I did next, as well as tail of var/log/messages Hope this is useful. cheers plain text document attachment (ipaServer_kpasswd_issue) Setup complete Next steps: 1. You may need to open some network ports - specifically: TCP Ports: * 80, 443, 8080: HTTP/HTTPS * 389, 636: LDAP/LDAPS * 88, 464: kerberos UDP Ports: * 88, 464: kerberos * 123: ntp 2. You can now obtain a kerberos ticket using the command: 'kinit admin'. This ticket will allow you to use the IPA tools (e.g., ipa-adduser) and the web user interface. [root@darwin ~]# kinit admin Password for admin@AUSTRALIA.COM: [root@darwin ~]# klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: admin@AUSTRALIA.COM Valid starting Expires Service principal 12/05/07 20:32:04 12/06/07 20:32:02 krbtgt/AUSTRALIA.COM@AUSTRALIA.COM Kerberos 4 ticket cache: /tmp/tkt0 klist: You have no tickets cached [root@darwin ~]# ipa-adduser First name: David Last name: Kim Login name: dkim Password: Password (again): gecos []: home directory /home/dkim: shell /bin/sh: dkim successfully added [root@darwin ~]# kinit dkim kinit(v5): Password has expired while getting initial credentials [root@darwin ~]# kpasswd dkim Password for dkim@AUSTRALIA.COM: Enter new password: Enter it again: kpasswd: Cannot contact any KDC for requested realm changing password [root@darwin ~]# plain text document attachment (var_log_messages) tail /var/log/messages Dec 5 20:27:47 darwin setroubleshoot: SELinux is preventing /usr/sbin/httpd (httpd_t) "read write" to socket:[13416] (unconfined_t). For complete SELinux messages. run sealert -l 124ef240-d677-4604-9c76-2559f47a2531 Dec 5 20:27:47 darwin setroubleshoot: SELinux is preventing /usr/sbin/nss_pcache (httpd_t) "sys_nice" to <Unknown> (httpd_t). For complete SELinux messages. run sealert -l d4b9636e-6cb8-4481-90c7-d858da64eea1 Dec 5 20:27:47 darwin setroubleshoot: SELinux is preventing /usr/sbin/httpd (httpd_t) "sys_nice" to <Unknown> (httpd_t). For complete SELinux messages. run sealert -l d4b9636e-6cb8-4481-90c7-d858da64eea1 Dec 5 20:27:48 darwin last message repeated 2 times Dec 5 20:27:50 darwin setroubleshoot: SELinux is preventing /usr/sbin/radiusd (radiusd_t) "read write" to socket:[13416] (unconfined_t). For complete SELinux messages. run sealert -l b37f4caf-25ec-40d0-851c-0f1bfca01d77 Dec 5 20:27:55 darwin setroubleshoot: SELinux is preventing /usr/kerberos/sbin/krb5kdc (krb5kdc_t) "read write" to socket:[13416] (unconfined_t). For complete SELinux messages. run sealert -l 0ab104c2-83e3-4a98-8def-320cb0cee2ac Dec 5 20:33:17 darwin kpasswd[3963]: Unable to read request: Decrypt integrity check failed Dec 5 20:33:17 darwin kernel: ipa_kpasswd[3963]: segfault at bfa00000 eip 499ee407 esp bfa58768 error 4 Dec 5 20:33:27 darwin kpasswd[3964]: Unable to read request: Decrypt integrity check failed Dec 5 20:33:27 darwin kernel: ipa_kpasswd[3964]: segfault at bfa00000 eip 499ee407 esp bfa58768 error 4

Change History
2007-12-05 11:46:59 changed by kmacmill ¶

    * milestone changed from milestone-6 to release-1.
Comment 4 Yi Zhang 2008-04-07 13:17:18 EDT
ipa-adduser success in cli.

ipa-kpasswd rename to ipa-passwd (?)

otherwise, work good

qa verified , bug closed, build: 4-7-2008 daily build
Comment 5 Rob Crittenden 2008-04-07 13:32:42 EDT
ipa_kpasswd is a daemon that listens for kerberos password requests.

ipa-passwd is a command-line utility that admins can use to change passwords.

Note You need to log in before you can comment on or make changes to this bug.