Package: heimdal-kdc
Version: 7.5.0+dfsg-3
Severity: important
Dear Maintainer,
On a fresh install of heimdal-kdc with the default configuration, kadmin
does not work for network connections. kadmin -l does work.
When attempting to use kadmin, the client application will die with a
SIGPIPE (exit code 141) immediately after prompting for the password.
The following message is present in the log:
kadmind[8053]: krb5_recvauth: encryption key has bad length
Upon stracing kadmind I discovered that it looks for the database key in
the wrong location:
openat(AT_FDCWD, "/var/lib/heimdal-kdc/m-key", O_RDONLY) = -1 ENOENT (No such
file or directory)
Debian places the key in /var/lib/heimdal-kdc/heimdal.mkey, and the
comments in /etc/heimdal-kdc/kdc.conf state that this is the default
location. Adding the path explicitly in the config file had no effect,
so I suspect kadmind has the path hardcoded somewhere.
I was able to get both the KDC and kadmind working by moving
/var/lib/heimdal-kdc/heimdal.mkey to /var/lib/heimdal-kdc/m-key and
adding an mkey_file directive in kdc.conf:
database = {
dbname = /var/lib/heimdal-kdc/heimdal
mkey_file = /var/lib/heimdal-kdc/m-key
acl_file = /etc/heimdal-kdc/kadmind.acl
}
I have also reproduced this issue in Debian Testing.
-- System Information:
Debian Release: 10.4
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.19.0-9-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages heimdal-kdc depends on:
ii debconf [debconf-2.0] 1.5.71
ii heimdal-clients 7.5.0+dfsg-3
ii krb5-config 2.6
ii libasn1-8-heimdal 7.5.0+dfsg-3
ii libc6 2.28-10
ii libcap-ng0 0.7.9-2
ii libdb5.3 5.3.28+dfsg1-0.5
ii libedit2 3.1-20181209-1
ii libgssapi3-heimdal 7.5.0+dfsg-3
ii libhcrypto4-heimdal 7.5.0+dfsg-3
ii libhdb9-heimdal 7.5.0+dfsg-3
ii libheimbase1-heimdal 7.5.0+dfsg-3
ii libheimntlm0-heimdal 7.5.0+dfsg-3
ii libkadm5srv8-heimdal 7.5.0+dfsg-3
ii libkdc2-heimdal 7.5.0+dfsg-3
ii libkrb5-26-heimdal 7.5.0+dfsg-3
ii libroken18-heimdal 7.5.0+dfsg-3
ii libsl0-heimdal 7.5.0+dfsg-3
ii lsb-base 10.2019051400
ii openbsd-inetd [inet-superserver] 0.20160825-4
Versions of packages heimdal-kdc recommends:
ii logrotate 3.14.0-4
Versions of packages heimdal-kdc suggests:
pn heimdal-docs <none>
-- debconf information excluded