Package: heimdal-kdc
Version: 7.5.0+dfsg-3
Severity: important

Dear Maintainer,

On a fresh install of heimdal-kdc with the default configuration, kadmin
does not work for network connections. kadmin -l does work.

When attempting to use kadmin, the client application will die with a
SIGPIPE (exit code 141) immediately after prompting for the password.

The following message is present in the log:
kadmind[8053]: krb5_recvauth: encryption key has bad length

Upon stracing kadmind I discovered that it looks for the database key in
the wrong location:

openat(AT_FDCWD, "/var/lib/heimdal-kdc/m-key", O_RDONLY) = -1 ENOENT (No such 
file or directory)

Debian places the key in /var/lib/heimdal-kdc/heimdal.mkey, and the
comments in /etc/heimdal-kdc/kdc.conf state that this is the default
location. Adding the path explicitly in the config file had no effect,
so I suspect kadmind has the path hardcoded somewhere.

I was able to get both the KDC and kadmind working by moving
/var/lib/heimdal-kdc/heimdal.mkey to /var/lib/heimdal-kdc/m-key and
adding an mkey_file directive in kdc.conf:

database = {
  dbname = /var/lib/heimdal-kdc/heimdal
  mkey_file = /var/lib/heimdal-kdc/m-key
  acl_file = /etc/heimdal-kdc/kadmind.acl

I have also reproduced this issue in Debian Testing.

-- System Information:
Debian Release: 10.4
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-9-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages heimdal-kdc depends on:
ii  debconf [debconf-2.0]             1.5.71
ii  heimdal-clients                   7.5.0+dfsg-3
ii  krb5-config                       2.6
ii  libasn1-8-heimdal                 7.5.0+dfsg-3
ii  libc6                             2.28-10
ii  libcap-ng0                        0.7.9-2
ii  libdb5.3                          5.3.28+dfsg1-0.5
ii  libedit2                          3.1-20181209-1
ii  libgssapi3-heimdal                7.5.0+dfsg-3
ii  libhcrypto4-heimdal               7.5.0+dfsg-3
ii  libhdb9-heimdal                   7.5.0+dfsg-3
ii  libheimbase1-heimdal              7.5.0+dfsg-3
ii  libheimntlm0-heimdal              7.5.0+dfsg-3
ii  libkadm5srv8-heimdal              7.5.0+dfsg-3
ii  libkdc2-heimdal                   7.5.0+dfsg-3
ii  libkrb5-26-heimdal                7.5.0+dfsg-3
ii  libroken18-heimdal                7.5.0+dfsg-3
ii  libsl0-heimdal                    7.5.0+dfsg-3
ii  lsb-base                          10.2019051400
ii  openbsd-inetd [inet-superserver]  0.20160825-4

Versions of packages heimdal-kdc recommends:
ii  logrotate  3.14.0-4

Versions of packages heimdal-kdc suggests:
pn  heimdal-docs  <none>

-- debconf information excluded

Reply via email to