On Tue, Mar 26, 2013 at 07:05:20PM -0400, Rob Crittenden wrote:
> David Redmond wrote:
> >Hi,
> >
> >I've setup FreeIPA for the first time and am using it successfully with
> >Linux and Solaris 10 clients. On 8 separate Solaris 9 clients I'm
> >running into an issue where 'kinit USER', for any user, fails with a
> >segmentation fault after prompting for a password. On the client side
> >there are no log entries. On the server side the "Additional
> >pre-authentication required" entry is written to the log. When I execute
> >'kinit -k' everything works normally. I've verified that the keytabs for
> >the Solaris 9 clients use only des-cbc-crc encryption and that
> >allow_weak_crypto = true is set on the server side. Running 'truss kinit
> >USER' on the Solaris 9 clients end with:
> >Incurred fault #6, FLTBOUNDS  %pc = 0xFF3582E4
> >   siginfo: SIGSEGV SEGV_MAPERR addr=0x00000004
> >Received signal #11, SIGSEGV (default)
> >   siginfo: SIGSEGV SEGV_MAPERR addr=0x00000004
> >
> >I've been fighting this for a while and have ensured that my Solaris 9
> >boxes are running the latest patches. Kerberos on the clients is the
> >standard one that comes with Solaris. I've installed no additional
> >kerberos components or packages.
> >
> >I'm hoping someone has seen this before or can point me in a new
> >direction. At this point I've pretty much reached the end of my rope and
> >am looking at using local passwords (blech!) on my Solaris 9 clients.
> >
> I don't have a very helpful answer, but if memory serves my Sparc 9
> install exhibits the same behavior. I don't have access to the
> latest updates though so I assumed it was related to that.

Maybe a network trace of the AS-REQ with tcpdump or wireshark would help
to identify the difference between kinit and kinit -k and indicate what
make kinit fails?


> rob
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users@redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users

Freeipa-users mailing list

Reply via email to