KDC Dumps Core and Other Problems
Jason C. Wells
jcw at speakeasy.net
Wed Sep 8 05:07:48 UTC 2010
I did a lot of poking at heimdal tonight trying to discover why I get
the error "ASN.1 encoding ended unexpectedly" after upgrading to 8.1-R.
Never did find that out. So much pain in such a short period of time...
I've discovered a way to get the KDC to dump core. I've also discovered
that ktutil will list keys for a keytab that has been deleted unless
given the -k option. I had errors about not supporting keytypes when
I'm pretty darn sure a keytype is supported. I'm willing to accept that
this might be PEBKAC, but I'm fairly sure I've found bugs. At minimum, a
user should not be able to get a daemon to core dump.
Is Heimdal in 8.1-R at version 1.0? (it is according to some symbols I
grepped while trying to understand these errors.) The heimdal world is
at 1.3 now. I saw a recently archived discussion where some people were
challenging each other to be "counted on" to work on heimdal.
Are PRs useful at this point? Maybe newer better heimdal is right
around the corner which would negate the usefulness of reporting this
evening's problems.
I also noted in that discussion some talk of dropping heimdal. I
request that we keep heimdal as a part of FreeBSD. I hated secure auth
in freebsd before heimdal was included. I hate the way that debian has
dueling auth libraries. I like that heimdal and pam and the passwd auth
all co-exist peacefully on freebsd. As we are so fond of saying:
FreeBSD is an operating system, not a kernel plus packages. A first
class auth system that includes kerberos is a good thing.
I have etypes leaking out my ears.
Regards,
Jason C. Wells
More information about the freebsd-security
mailing list