Dear all.
I have been trying to use Kerberos with the kdb LDAP backend (OpenLDAP 2.4.11). I am using two LDAP servers to emulate a multimaster environment for Kerberos. Some funny things happened.

1. If I don't enable multimaster replication using LDAP, then using kadmin I can add a Kerberos user, and I can run the 'getprinc' command for that user.
2. If I enable the multimaster setting with LDAP, then using kadmin I can add a Kerberos user; however, I get a segmentation fault when running 'getprinc' for that user.

Later, I tried to use gdb to observe the behavior of kadmin. I found out that the segmentation fault happens because, in the multimaster setting, the number of keys generated for the users is 3 instead of 2 as in the non-multimaster condition, thus giving a segmentation fault.

Next, I theorize as below:

1. There is a problem with OpenLDAP 2.4.11 replication when it comes to replicating the binary data of krbPrincipalKey and krbExtraData (data corruption).
2. Or, there is a problem with kdb LDAP itself.

I think this problem is too fundamental for me to fix myself. Therefore, I am resorting to using the non-LDAP storage for the Kerberos backend.

Azhar