Hi,

> Not a problem ... our Head of IS did a detailed write up on our
> investigation process and findings at his blog if you are interested:
>
> http://blog.tinola.com/?e=36

Thanks, that's really interesting and very detailed.


Someone from RedHat really should take a look at this. Most likely
EAI_NODATA is not defined in the libc, that's why upgrading libc
helps and upgrading libkrb5 doesn't. So the real problem is that
getaddrinfo() returns an error code unknown to the libc (other
applications than libkrb5 may suffer from problems as well; although
they probably don't abort()).

Looks like EAI_NODATA is deprecated, and it's already removed from
freebsd for example, in favor of EAI_NONAME [1].


As for the workaround: you should be able to disable the kerberos
ciphers in HAproxy configuration, so that you can continue to run
it in chroot. Or maybe compiling with -DEAI_NODATA=EAI_NONAME would
help?

What are those ciphers anyway (openssl ciphers -v 'LOW')? I don't
seem to have them here on ubuntu ...



[1] http://krbdev.mit.edu/rt/Ticket/History.html?id=5518                        
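
An added illustration of the point made in the message above (not part of the original email, and not code from HAProxy or libkrb5): a caller that classifies getaddrinfo() return codes without assuming every EAI_* value is known to it, treating the deprecated EAI_NODATA as EAI_NONAME where it is defined. The names classify_gai and lookup_numeric and the sample host strings are constructed for this example.

```c
/* glibc exposes EAI_NODATA only under _GNU_SOURCE; other systems may lack it. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netdb.h>

enum lookup_result { LOOKUP_OK, LOOKUP_NOT_FOUND, LOOKUP_RETRY, LOOKUP_FAILED };

/* Map a getaddrinfo() return code onto a closed set of outcomes.
 * An if-chain is used instead of switch: if EAI_NODATA is aliased to
 * EAI_NONAME at build time, duplicate case labels would not compile. */
enum lookup_result classify_gai(int rc)
{
    if (rc == 0) return LOOKUP_OK;
    if (rc == EAI_NONAME) return LOOKUP_NOT_FOUND;
#ifdef EAI_NODATA /* deprecated: same meaning as EAI_NONAME for the caller */
    if (rc == EAI_NODATA) return LOOKUP_NOT_FOUND;
#endif
    if (rc == EAI_AGAIN) return LOOKUP_RETRY;
    /* Any other code, including one this build does not know: report a
     * failed lookup to the caller instead of calling abort(). */
    return LOOKUP_FAILED;
}

/* Resolve a numeric address only (AI_NUMERICHOST), so no resolver files or
 * DNS are needed and the call behaves the same inside a chroot. */
enum lookup_result lookup_numeric(const char *host)
{
    struct addrinfo hints, *res = NULL;
    memset(&hints, 0, sizeof hints);
    hints.ai_flags = AI_NUMERICHOST;
    int rc = getaddrinfo(host, NULL, &hints, &res);
    if (rc == 0)
        freeaddrinfo(res);
    else
        fprintf(stderr, "%s: %s (code %d)\n", host, gai_strerror(rc), rc);
    return classify_gai(rc);
}

int main(void)
{
    /* Constructed sample inputs: one valid literal, one non-numeric name. */
    printf("127.0.0.1 -> %d\n", lookup_numeric("127.0.0.1"));
    printf("not-an-address.invalid -> %d\n", lookup_numeric("not-an-address.invalid"));
    return 0;
}
```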