On 07/11/2017 10:37 AM, Andreas Haupt wrote: > On Mon, 2017-07-10 at 08:32 -0400, Jeffrey Hutzelman wrote: >> This is a bug in the kdc, or possibly two bugs. First, the database lookup >> failed and no entry was returned, but the error code was not set and so >> remained zero, which com_err translates as "Success".
>> Second, the kdc is not sending any response at all. I think the bug was introduced by commit 4b4036c9a6697f0101c60845e19664f64fdd0810 and is that the value of ret is squashed by the call to _krb5_find_capath() in tgs_build_reply(). In this scenario, I believe the call succeeds, but doesn't find any capaths, so we don't goto server_lookup, instead dropping down and going to out with ret still 0. _kdc_tgs_rep() doesn't create an error reply if ret is 0, so the KDC sends no reply.
