Thank you. It turns out I'm a bit of an idiot when I migrated my LDAP
server.
In copying the directory, I managed to leave behind my krbPrincipalKey
values (I used replication, which didn't jive with my extremely
paranoid security settings for that attribute).
THAT said, this would have gone much more smoothly if the LDAP backend
gave a helpful error on a lack of krbPrincipalKey values instead of
letting libkdb5 segfault mysteriously.
Truth be told: I haven't *completely* verified that putting the values
back into place will make the problem go away, but I did confirm that
running the old KDC installation (out of a chroot on an amd64 VM)
against a new LDAP server segfaults while running it against the old
LDAP server (again out of the chroot) succeeds. I then ran a diff on
the trees, and found that krbPrincipalKey was missing.
Thanks,
Jason
On Fri, Feb 10, 2012 at 4:00 PM, Sam Hartman wrote:
> Old stash files are in fact byte order and probably but I'm not sure
> word size dependent. Look at the add_mkey command to kdb5_util. I
> think if you add a new master key and write it out to a new keytab
> format stash file then all should be well.
>
> If the database was created with 1.9.1 then I would not expect this
> problem in the first place.
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/929827
>
> Title:
> KDC (krb5-kdc-ldap) and kadmin.local segfault in libkdb5.so.5.0.
>
> Status in “krb5” package in Ubuntu:
> New
>
> Bug description:
> Running 11.10 (Oneiric). Additional specifications in tags. This
> appears to apply to libkdb5-5 version 1.9.1+dfsg-1ubuntu2.2.
>
> I have copied a working LDAP-backed KDC configuration from a 64-bit
> EC2 instance into a 32-bit EC2 instance (the binaries are installed
> fresh). When I attempt to launch either the KDC or kadmin.local, the
> process terminates with a segfault. A kernel record in the syslog
> shows that there was a segfault in libkdb5.so.5.0 (for either
> process).
>
> I have a sinking suspicion that there is a binary incompatibility in
> the stash file. I'd appreciate any advice on converting it if that is
> possible.
>
> ProblemType: Bug
> DistroRelease: Ubuntu 11.10
> Package: libkdb5-5 1.9.1+dfsg-1ubuntu2.2
> ProcVersionSignature: Ubuntu 3.0.0-14.23-virtual 3.0.9
> Uname: Linux 3.0.0-14-virtual i686
> ApportVersion: 1.23-0ubuntu4
> Architecture: i386
> Date: Thu Feb 9 20:49:19 2012
> Ec2AMI: ami-a500d0cc
> Ec2AMIManifest: (unknown)
> Ec2AvailabilityZone: us-east-1d
> Ec2InstanceType: m1.small
> Ec2Kernel: aki-805ea7e9
> Ec2Ramdisk: unavailable
> ProcEnviron:
> PATH=(custom, no user)
> LANG=en_US.UTF-8
> SHELL=/bin/bash
> SourcePackage: krb5
> UpgradeStatus: No upgrade log present (probably fresh install)
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/ubuntu/+source/krb5/+bug/929827/+subscriptions
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to krb5 in Ubuntu.
https://bugs.launchpad.net/bugs/929827
Title:
KDC (krb5-kdc-ldap) and kadmin.local segfault in libkdb5.so.5.0.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/krb5/+bug/929827/+subscriptions
--
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
