KDC Dumps Core and Other Problems

Jason C. Wells jcw at speakeasy.net
Wed Sep 8 05:07:48 UTC 2010


I did a lot of poking at Heimdal tonight trying to discover why I get
the error "ASN.1 encoding ended unexpectedly" after upgrading to 8.1-R.
Never did find that out.  So much pain in such a short period of time...

I've discovered a way to get the KDC to dump core.  I've also discovered 
that ktutil will list keys for a keytab that has been deleted unless 
given the -k option.  I had errors about not supporting keytypes when 
I'm pretty darn sure a keytype is supported. I'm willing to accept that 
this might be PEBKAC, but I'm fairly sure I've found bugs. At minimum, a 
user should not be able to get a daemon to core dump.

Is Heimdal in 8.1-R at version 1.0?  (It is, according to some symbols I
grepped while trying to understand these errors.)  The Heimdal world is
at 1.3 now.  I saw a recently archived discussion where some people were
challenging each other to be "counted on" to work on Heimdal.

Are PRs useful at this point?  Maybe a newer, better Heimdal is right
around the corner, which would negate the usefulness of reporting this
evening's problems.

I also noted in that discussion some talk of dropping Heimdal.  I
request that we keep Heimdal as a part of FreeBSD.  I hated secure auth
in FreeBSD before Heimdal was included.  I hate the way that Debian has
dueling auth libraries.  I like that Heimdal and PAM and the passwd auth
all co-exist peacefully on FreeBSD.  As we are so fond of saying:
FreeBSD is an operating system, not a kernel plus packages. A first
class auth system that includes Kerberos is a good thing.

I have etypes leaking out my ears.

Regards,
Jason C. Wells

