Public bug reported: Binary package hint: krb5-kdc
I have a krb5kdc server running, using openldap as a data store. This works great and, for most clients, it is fine. I have a password policy set as follows: krbMaxPwdLife: 3628800 krbMinPwdLife: 0 krbPwdMinDiffChars: 1 krbPwdMinLength: 6 krbPwdHistoryLength: 3 krbPwdMaxFailure: 20 krbPwdFailureCountInterval: 0 krbPwdLockoutDuration: 8 I have a zimbra server running, configured to use kerberos5 for authentication. This appears to be working. I left a mail client (Thunderbird) running, periodically checking for new messages. After a few hours, krb5kdc crashed. I ran it through strace and found the following: krb5kdc: ../../../../../ src/plugins/kdb/ldap/libkdb_ldap/lockout.c:161: krb5_ldap_lockout_audit: Assertion '!locked_check_p(context, stamp, max_fail, lockout_duration, entry)' failed.. I took a peek at the code, but the assertion line didn't mean that much to me. It did point me to the krbPwdLockoutDuration setting. Looking at it now, I sure hope that it represents minutes. Regardless, it shouldn't be possible to crash the KDC and I can now do it very reliably. Any idea what the assertion is checking for and what I can do to prevent this from happening? ProblemType: Bug DistroRelease: Ubuntu 10.04 Package: krb5-kdc-ldap 1.8.1+dfsg-2ubuntu0.4 ProcVersionSignature: Ubuntu 2.6.32-23.37-server 2.6.32.15+drm33.5 Uname: Linux 2.6.32-23-server x86_64 Architecture: amd64 Date: Tue Feb 8 22:53:43 2011 InstallationMedia: Ubuntu-Server 10.04 LTS "Lucid Lynx" - Release amd64 (20100427) ProcEnviron: PATH=(custom, no user) LANG=en_US.UTF-8 SHELL=/bin/bash SourcePackage: krb5 ** Affects: krb5 (Ubuntu) Importance: Undecided Status: New ** Tags: amd64 apport-bug lucid -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to krb5 in ubuntu. https://bugs.launchpad.net/bugs/715579 Title: krb5-kdc-ldap plugin crashes krb5-kdc sometimes when password policy is set -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs