Hello, Heimdal version is 1.4.0~git20100726.dfsg.1-1+b1, running on amd64 arch.
The KDC is installed freshly, the strange thing is that this is the 2nd kdc I've installed with the same config (for testing purposes) and the first one is working, the second one has this problem.
The krb5 and KDC config I'm using (I've symlinked krb5.conf to kdc.conf) is:
[libdefaults]
default_realm = AD-TURIP.ELTE.HU
kdc_timesync = 1
ccache_type = 4
forwardable = true
proxiable = true
default_tgs_enctypes = aes256-cts arcfour-hmac-md5 des3-hmac-sha1
des-cbc-crc des-cbc-md5
default_tkt_enctypes = aes256-cts arcfour-hmac-md5 des3-hmac-sha1
des-cbc-crc des-cbc-md5
permitted_enctypes = aes256-cts arcfour-hmac-md5 des3-hmac-sha1
des-cbc-crc des-cbc-md5
[realms]
AD-TURIP.ELTE.HU = {
kdc = XXXXXXXXXXXXXXXXXXX
}
AD.AD-TURIP.ELTE.HU = {
kdc = XXXXXXXXXXXXXXXXX
}
ELTE.HU = {
kdc = kdc1.elte.hu
kdc = kdc2.elte.hu
admin_server = kdc1.elte.hu
}
[domain_realm]
.mit.edu = ATHENA.MIT.EDU
mit.edu = ATHENA.MIT.EDU
.media.mit.edu = MEDIA-LAB.MIT.EDU
media.mit.edu = MEDIA-LAB.MIT.EDU
.whoi.edu = ATHENA.MIT.EDU
whoi.edu = ATHENA.MIT.EDU
.stanford.edu = stanford.edu
[login]
krb4_convert = false
krb4_get_tickets = false
[kdc]
logging = FILE:/var/log/heimdal-kdc.log
logging = SYSLOG:INFO
enable-http = false
check-ticket-addresses = true
allow-null-ticket-addesses = true
require-preauth = yes
enable-kerberos4 = false
enable-kaserver = yes
v4-realm = UNIX.AD-TURIP.ELTE.HU
afs-cell = unix.ad-turip.elte.hu
default_tgs_enctypes = aes256-cts arcfour-hmac-md5
des3-hmac-sha1 des-cbc-crc des-cbc-md5
default_tkt_enctypes = aes256-cts arcfour-hmac-md5 des3-hmac-sha1
des-cbc-crc des-cbc-md5
permitted_enctypes = aes256-cts arcfour-hmac-md5 des3-hmac-sha1
des-cbc-crc des-cbc-md5
[kadmin]
default_keys = v5 des:pw-salt des:afs3-salt
The config was installed after having installed heimdal-kdc package.
I am able to reproduce the error with the attached test suite, but at
first it invokes apt-get remove --PURGE!!, so use it carefuly.
Extract and invoke ./runmultiple.sh <N> where N is the number of passes.It assumes that /etc/krb5.conf contains all the information required for the kdc.
For me it fails all the time. If you cannot reproduce the error with this suite, I've created a snapshot of the test-kdc and I might be able to give you access to it for a few days.
Kind regards, Pter 2011.04.13. 5:47 keltezéssel, Brian May írta:
2011/4/12 Turi Péter <[email protected] <mailto:[email protected]>> I've ran into the same bug. I was able to workaround it by doing a kstash -e aes256-cts-hmac-sha1-96 --random-key kadmin> INIT <REALM> Hello,What version are you using? Are you using LDAP? Just want to make sure I don't make incorrect assumptions...Are you able to produce a list of steps that will reproduce the problem? Thanks --Brian May <[email protected] <mailto:[email protected]>>
heimdal-kdc-mkey.tgz
Description: Binary data
