ports/86012: kpasswd fails if one of the KDC are unreachable.

Benoit Panizzon bp at imp.ch
Mon Sep 12 12:10:11 UTC 2005


>Number:         86012
>Category:       ports
>Synopsis:       kpasswd fails if one of the KDC are unreachable.
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Sep 12 12:10:10 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator:     Benoit Panizzon
>Release:        FreeBSD 5.3-STABLE #3
>Organization:
ImproWare AG
>Environment:
FreeBSD pinky.imp.ch 5.3-STABLE FreeBSD 5.3-STABLE #3: Wed Feb 23 09:38:05 CET 2005     root at pinky.imp.ch:/usr/obj/usr/src/sys/PINKY  i386
>Description:
When a Kerberos Domain Controller is reachable under various IP-Addresses )ie. replicas or IPv4 and IPv6 and one address is not reachable for some reason (like the Client System has an IPv6 Kernel but no IPv6 Address) so that specific address returns 'no route to host' then kpasswd fails as soon as it gets that reply instead of trying all available addresses.
>How-To-Repeat:
Get a Windows 2003 ADS Server. Enable IPv6 on that Server, so that Windows puts it's own IPv6 Address as kpasswd TCP Service Announcement in it's DNS. Try to change the Password from an IPv6 enabled but unconfigured client. Voila. => Unknown error -1
Do a truss and you'll see that ony the IPv6 address is being tried and kpasswd gives up as it sees the 'host unreachable' error.
>Fix:
Not a Fix but a Workaround: Use only with propperly configured IPv6 or switch back to IPv4 only.
>Release-Note:
>Audit-Trail:
>Unformatted:



More information about the freebsd-ports-bugs mailing list