Thanks for the help. I'm not to familiar to with coredumps and stacktraces, so bare with me,
This is what I did, gdb --args kinit -k 'COMPUTERNAME$@FOO' (gdb) run Program received signal SIGSEGV, Segmentation fault. 0x0000000000000000 in ?? () (gdb) thread apply all bt full I did it with both pkinit_identities = PKCS11:/usr/lib64/pkcs11/opensc-pkcs11.so pkinit_identities = PKCS11:/usr/lib/libiidp11.so And it segaults in both scenarion, both stacktraces attached. ldd /usr/lib/libiidp11.so linux-vdso.so.1 => (0x00007fffeddff000) libdl.so.2 => /lib64/libdl.so.2 (0x00007f0f150fa000) libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f0f14edd000) libstdc++.so.6 => /usr/lib64/libstdc++.so.6 (0x00007f0f14bd7000) libm.so.6 => /lib64/libm.so.6 (0x00007f0f14953000) libgcc_s.so.1 => /lib64/libgcc_s.so.1 (0x00007f0f1473c000) libc.so.6 => /lib64/libc.so.6 (0x00007f0f143ad000) /lib64/ld-linux-x86-64.so.2 (0x00000038f1e00000) ldd /usr/lib64/pkcs11/opensc-pkcs11.so linux-vdso.so.1 => (0x00007fffdb7ff000) libcrypto.so.10 => /usr/lib64/libcrypto.so.10 (0x00007f95cb9ed000) libdl.so.2 => /lib64/libdl.so.2 (0x00007f95cb7e8000) libz.so.1 => /lib64/libz.so.1 (0x00007f95cb5d3000) libopensc.so.3 => /usr/lib64/libopensc.so.3 (0x00007f95cb2d3000) libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f95cb0b6000) libc.so.6 => /lib64/libc.so.6 (0x00007f95cad27000) /lib64/ld-linux-x86-64.so.2 (0x00000038f1e00000) libltdl.so.7 => /usr/lib64/libltdl.so.7 (0x00007f95cab1e000) ldd /usr/sbin/rpc.gssd linux-vdso.so.1 => (0x00007fff361ff000) libgssglue.so.1 => /lib64/libgssglue.so.1 (0x00007fb305187000) libdl.so.2 => /lib64/libdl.so.2 (0x00007fb304f83000) libgssapi_krb5.so.2 => /lib64/libgssapi_krb5.so.2 (0x00007fb304d42000) libkrb5.so.3 => /lib64/libkrb5.so.3 (0x00007fb304a63000) libk5crypto.so.3 => /lib64/libk5crypto.so.3 (0x00007fb304837000) libcom_err.so.2 => /lib64/libcom_err.so.2 (0x00007fb304634000) libtirpc.so.1 => /lib64/libtirpc.so.1 (0x00007fb30440d000) libc.so.6 => /lib64/libc.so.6 (0x00007fb30407e000) /lib64/ld-linux-x86-64.so.2 (0x00007fb305390000) libkrb5support.so.0 => /lib64/libkrb5support.so.0 (0x00007fb303e74000) libkeyutils.so.1 => /lib64/libkeyutils.so.1 (0x00007fb303c72000) libresolv.so.2 => /lib64/libresolv.so.2 (0x00007fb303a59000) libpthread.so.0 => /lib64/libpthread.so.0 (0x00007fb30383d000) libnsl.so.1 => /lib64/libnsl.so.1 (0x00007fb303624000) libselinux.so.1 => /lib64/libselinux.so.1 (0x00007fb303405000) Maybe I'm missing something here, but shouldn't pkinit_options be completely ignored when doing kinit with the keytab ? Best regards, Patrik Martinsson, Sweden. -----Ursprungligt meddelande----- Från: [email protected] [mailto:[email protected]] För Douglas E. Engert Skickat: den 17 oktober 2011 20:39 Till: [email protected] Ämne: Re: SV: pkinit and nfs On 10/17/2011 3:21 AM, Martinsson Patrik wrote: > Well yes, however if you add > pkinit_identities = PKCS11:path-to-smartcardlib > to the [libdefaults] section of your krb5.conf, the rpc.gssd will segfault. Do you have the core file from this (or from the kinit failure) or can you force a core file, then get a stack trace? Does this fail with other PKCS#11 libraries Can you try with opensc-pkcs11.so? Can you do an ldd command on the libiidp11.so and on kinit or tpc.gssd to see what other libs each needs? This could be a linking problem with libiidp11.so, where is ends up using the wrong version of some lib used by kinit. > > In my world that means that rpc.gssd reads the pkinit-option in some way, but > I'm not sure. > > Best regards, > Patrik Martinsson, Sweden. > > > > > > Från: Frank Cusack [mailto:[email protected]] > Skickat: den 14 oktober 2011 20:04 > Till: Martinsson Patrik > Kopia: [email protected] > Ämne: Re: pkinit and nfs > > On Fri, Oct 14, 2011 at 1:56 AM, Martinsson > Patrik<[email protected]<mailto:[email protected]>> wrote: > How do I setup krb5.conf to get nfs not use pkinit, whilst when for example > doing a regular "kinit" pkinit should be used. > > "nfs", i.e. rpc.gssd, does not use pkinit ever. It uses only a keytab. > ________________________________________________ > Kerberos mailing list [email protected] > https://mailman.mit.edu/mailman/listinfo/kerberos > > -- Douglas E. Engert <[email protected]> Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
