Hello, Heimdal version is 1.4.0~git20100726.dfsg.1-1+b1, running on amd64 arch.
The KDC is installed freshly, the strange thing is that this is the 2nd kdc I've installed with the same config (for testing purposes) and the first one is working, the second one has this problem.
The krb5 and KDC config I'm using (I've symlinked krb5.conf to kdc.conf) is: [libdefaults] default_realm = AD-TURIP.ELTE.HU kdc_timesync = 1 ccache_type = 4 forwardable = true proxiable = truedefault_tgs_enctypes = aes256-cts arcfour-hmac-md5 des3-hmac-sha1 des-cbc-crc des-cbc-md5 default_tkt_enctypes = aes256-cts arcfour-hmac-md5 des3-hmac-sha1 des-cbc-crc des-cbc-md5 permitted_enctypes = aes256-cts arcfour-hmac-md5 des3-hmac-sha1 des-cbc-crc des-cbc-md5
[realms] AD-TURIP.ELTE.HU = { kdc = XXXXXXXXXXXXXXXXXXX } AD.AD-TURIP.ELTE.HU = { kdc = XXXXXXXXXXXXXXXXX } ELTE.HU = { kdc = kdc1.elte.hu kdc = kdc2.elte.hu admin_server = kdc1.elte.hu } [domain_realm] .mit.edu = ATHENA.MIT.EDU mit.edu = ATHENA.MIT.EDU .media.mit.edu = MEDIA-LAB.MIT.EDU media.mit.edu = MEDIA-LAB.MIT.EDU .whoi.edu = ATHENA.MIT.EDU whoi.edu = ATHENA.MIT.EDU .stanford.edu = stanford.edu [login] krb4_convert = false krb4_get_tickets = false [kdc] logging = FILE:/var/log/heimdal-kdc.log logging = SYSLOG:INFO enable-http = false check-ticket-addresses = true allow-null-ticket-addesses = true require-preauth = yes enable-kerberos4 = false enable-kaserver = yes v4-realm = UNIX.AD-TURIP.ELTE.HU afs-cell = unix.ad-turip.elte.hudefault_tgs_enctypes = aes256-cts arcfour-hmac-md5 des3-hmac-sha1 des-cbc-crc des-cbc-md5 default_tkt_enctypes = aes256-cts arcfour-hmac-md5 des3-hmac-sha1 des-cbc-crc des-cbc-md5 permitted_enctypes = aes256-cts arcfour-hmac-md5 des3-hmac-sha1 des-cbc-crc des-cbc-md5
[kadmin] default_keys = v5 des:pw-salt des:afs3-salt The config was installed after having installed heimdal-kdc package.I am able to reproduce the error with the attached test suite, but at first it invokes apt-get remove --PURGE!!, so use it carefuly.
Extract and invoke ./runmultiple.sh <N> where N is the number of passes.It assumes that /etc/krb5.conf contains all the information required for the kdc.
For me it fails all the time. If you cannot reproduce the error with this suite, I've created a snapshot of the test-kdc and I might be able to give you access to it for a few days.
Kind regards, Pter 2011.04.13. 5:47 keltezéssel, Brian May írta:
2011/4/12 Turi Péter <tu...@caesar.elte.hu <mailto:tu...@caesar.elte.hu>> I've ran into the same bug. I was able to workaround it by doing a kstash -e aes256-cts-hmac-sha1-96 --random-key kadmin> INIT <REALM> Hello,What version are you using? Are you using LDAP? Just want to make sure I don't make incorrect assumptions...Are you able to produce a list of steps that will reproduce the problem? Thanks --Brian May <br...@microcomaustralia.com.au <mailto:br...@microcomaustralia.com.au>>
heimdal-kdc-mkey.tgz
Description: Binary data