[Freeipa-users] kinit seg-fault for Solaris 9
David Redmond
david.redmond at gmail.com
Wed Mar 27 01:11:20 UTC 2013
Hi again,
I've got a bit more information. I've found that I can successfully kinit
on the Solaris 9 clients if, on the server, I change the user's password by:
ipa-getkeytab -s SERVER -p USER at REALM -k krb5.keytab -P
This works even if I delete the resulting keytab file. However, kinit on
the Solaris 9 client seg-faults if I set the user's password using the web
gui, the 'passwd' or 'kpasswd' commands, or even the `ipa user-mod
--password` command.
There must be something different about how the ipa-getkeytab command
stores the password. Any help would be greatly appreciated.
Thanks,
Dave
~""~
On Tue, Mar 26, 2013 at 4:05 PM, Rob Crittenden <rcritten at redhat.com> wrote:
> David Redmond wrote:
>
>> Hi,
>>
>> I've setup FreeIPA for the first time and am using it successfully with
>> Linux and Solaris 10 clients. On 8 separate Solaris 9 clients I'm
>> running into an issue where 'kinit USER', for any user, fails with a
>> segmentation fault after prompting for a password. On the client side
>> there are no log entries. On the server side the "Additional
>> pre-authentication required" entry is written to the log. When I execute
>> 'kinit -k' everything works normally. I've verified that the keytabs for
>> the Solaris 9 clients use only des-cbc-crc encryption and that
>> allow_weak_crypto = true is set on the server side. Running 'truss kinit
>> USER' on the Solaris 9 clients end with:
>> Incurred fault #6, FLTBOUNDS %pc = 0xFF3582E4
>> siginfo: SIGSEGV SEGV_MAPERR addr=0x00000004
>> Received signal #11, SIGSEGV (default)
>> siginfo: SIGSEGV SEGV_MAPERR addr=0x00000004
>>
>> I've been fighting this for a while and have ensured that my Solaris 9
>> boxes are running the latest patches. Kerberos on the clients is the
>> standard one that comes with Solaris. I've installed no additional
>> kerberos components or packages.
>>
>> I'm hoping someone has seen this before or can point me in a new
>> direction. At this point I've pretty much reached the end of my rope and
>> am looking at using local passwords (blech!) on my Solaris 9 clients.
>>
>>
> I don't have a very helpful answer, but if memory serves my Sparc 9
> install exhibits the same behavior. I don't have access to the latest
> updates though so I assumed it was related to that.
>
> rob
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20130326/e4c35440/attachment.htm>
More information about the Freeipa-users
mailing list