Ticket #146 (new defect)

Opened 2 months ago
Last modified 2 months ago

ipa-kpasswd segfaults

Reported by: kmacmill
Assigned to: simo
Priority: major
Milestone: release-1
Component: ipa-server
Version:
Keywords:
Cc:

Description

On Wed, 2007-12-05 at 20:43 +1000, David O'Brien wrote:

This is probably mainly for simo, and is just extra info for the kpasswd segfault issue we talked about last night.

I reinstalled ipa-server from /FC7/i386/2007-12-04_15_09-build/dist and ran the config script. Attached is the output from what I did next, as well as tail of var/log/messages.

Hope this is useful.

cheers

plain text document attachment (ipaServer_kpasswd_issue)

Setup complete

Next steps:
    1. You may need to open some network ports - specifically:
        TCP Ports:
          * 80, 443, 8080: HTTP/HTTPS
          * 389, 636: LDAP/LDAPS
          * 88, 464: kerberos
        UDP Ports:
          * 88, 464: kerberos
          * 123: ntp

    2. You can now obtain a kerberos ticket using the command: 'kinit admin'.
       This ticket will allow you to use the IPA tools (e.g., ipa-adduser)
       and the web user interface.

[root@darwin ~]# kinit admin
Password for admin:
[root@darwin ~]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: admin

Valid starting     Expires            Service principal
12/05/07 20:32:04  12/06/07 20:32:02  krbtgt/AUSTRALIA.COM

Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached
[root@darwin ~]# ipa-adduser
First name: David
Last name: Kim
Login name: dkim
Password:
Password (again):
gecos []:
home directory /home/dkim:
shell /bin/sh:
dkim successfully added
[root@darwin ~]# kinit dkim
kinit(v5): Password has expired while getting initial credentials
[root@darwin ~]# kpasswd dkim
Password for dkim:
Enter new password:
Enter it again:
kpasswd: Cannot contact any KDC for requested realm changing password
[root@darwin ~]#

plain text document attachment (var_log_messages)

tail /var/log/messages
Dec 5 20:27:47 darwin setroubleshoot: SELinux is preventing /usr/sbin/httpd (httpd_t) "read write" to socket:[13416] (unconfined_t). For complete SELinux messages. run sealert -l 124ef240-d677-4604-9c76-2559f47a2531
Dec 5 20:27:47 darwin setroubleshoot: SELinux is preventing /usr/sbin/nss_pcache (httpd_t) "sys_nice" to <Unknown> (httpd_t). For complete SELinux messages. run sealert -l d4b9636e-6cb8-4481-90c7-d858da64eea1
Dec 5 20:27:47 darwin setroubleshoot: SELinux is preventing /usr/sbin/httpd (httpd_t) "sys_nice" to <Unknown> (httpd_t). For complete SELinux messages. run sealert -l d4b9636e-6cb8-4481-90c7-d858da64eea1
Dec 5 20:27:48 darwin last message repeated 2 times
Dec 5 20:27:50 darwin setroubleshoot: SELinux is preventing /usr/sbin/radiusd (radiusd_t) "read write" to socket:[13416] (unconfined_t). For complete SELinux messages. run sealert -l b37f4caf-25ec-40d0-851c-0f1bfca01d77
Dec 5 20:27:55 darwin setroubleshoot: SELinux is preventing /usr/kerberos/sbin/krb5kdc (krb5kdc_t) "read write" to socket:[13416] (unconfined_t). For complete SELinux messages. run sealert -l 0ab104c2-83e3-4a98-8def-320cb0cee2ac
Dec 5 20:33:17 darwin kpasswd[3963]: Unable to read request: Decrypt integrity check failed
Dec 5 20:33:17 darwin kernel: ipa_kpasswd[3963]: segfault at bfa00000 eip 499ee407 esp bfa58768 error 4
Dec 5 20:33:27 darwin kpasswd[3964]: Unable to read request: Decrypt integrity check failed
Dec 5 20:33:27 darwin kernel: ipa_kpasswd[3964]: segfault at bfa00000 eip 499ee407 esp bfa58768 error 4

Change History

2007-12-05 11:46:59 changed by kmacmill

  * milestone changed from milestone-6 to release-1.

ipa-adduser success in cli. ipa-kpasswd rename to ipa-passwd (?) Otherwise, works good. QA verified, bug closed, build: 4-7-2008 daily build

ipa_kpasswd is a daemon that listens for Kerberos password requests. ipa-passwd is a command-line utility that admins can use to change passwords.