Your message dated Fri, 16 Sep 2016 17:07:52 -0400 with message-id <ldvpoo3eeon....@sarnath.mit.edu> and subject line close by submitter request has caused the Debian Bug report #706635, regarding krb5-kdc: Login Programs that use Kerberos Authentication fail to login, hang, use 100% CPU. to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 706635: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=706635 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: krb5-kdc Version: 1.10.1+dfsg-5 Severity: normal Dear Kerberos Maintainer, I now have two entirely unrelated systems with this behavior. It cropped up about 3-4 weeks ago. I doubt it's the KDC; I only know it's kerberos related. I honestly don't know exactly what is the root cause, but it has something to do with apps that authenticate using kerberos. Both use Kerberos & LDAP, but are on entirely different networks (ie. home & office), which are not connected. When a user attempts to authenticate, the authenticating program then appears to freeze, and consumes 100% CPU. The following login programs have this behavior: * getty * KDM * kinit * kadmin (or does this just call kinit?) * passwd (ie. to change password "Input Kerberos Password") * netatalk (AFP Server daemon) The behavior does not happen when using a user that is not authenticated using Kerberos. My home system is running Debian Sid, and its data is attached to this bug report. The office system is running Ubuntu 13.04 - it's not a Debian system, but I believe the projects cooperate somewhat. I was surprised to see the exact same behavior in Ubuntu. /var/log/auth log shows something like: Apr 30 21:02:48 pilot afpd[11401]: pam_krb5(netatalk:auth): (user ttelford) krb_kuserok for user ttelford failed Apr 30 21:02:48 pilot afpd[11401]: pam_krb5(netatalk:auth): failed authorization check; logname=ttelford uid=0 euid=0 tty=afpd ruser= rhost=sluggo.pariahzero.net /var/log/kdc log shows: pr 30 21:02:48 pilot.pariahzero.net krb5kdc[7096](info): AS_REQ (4 etypes {18 17 16 23}) 2001:1938:240:1000::1: NEEDED_PREAUTH: ttelf...@pariahzero.net for krbtgt/pariahzero....@pariahzero.net, Additional pre-authentication required Apr 30 21:02:48 pilot.pariahzero.net krb5kdc[7096](info): AS_REQ (4 etypes {18 17 16 23}) 2001:1938:240:1000::1: ISSUE: authtime 1367377368, etypes {rep=18 tkt=18 ses=18}, ttelf...@pariahzero.net for krbtgt/pariahzero....@pariahzero.net While the above log messages are from pam_krb5, unless I'm mistaken, kinit, kadmin, and maybe the passwd change dialog do not use PAM. If you have any tips on what I can to to narrow down the actual cause, I'd appreciate it. Additional Info: KDC on 'home' system is a Debian 'Sid' System KDC on 'office' system is an Ubuntu 12.04 system. The problem only appeared after upgrading my desktop (not the KDC) to Ubuntu 13.04. -- System Information: Debian Release: 7.0 APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages krb5-kdc depends on: ii debconf [debconf-2.0] 1.5.49 ii krb5-config 2.3 ii krb5-user 1.10.1+dfsg-5 ii libc6 2.13-38 ii libcomerr2 1.42.5-1.1 ii libgssapi-krb5-2 1.10.1+dfsg-5 ii libgssrpc4 1.10.1+dfsg-5 ii libk5crypto3 1.10.1+dfsg-5 ii libkadm5clnt-mit8 1.10.1+dfsg-5 ii libkadm5srv-mit8 1.10.1+dfsg-5 ii libkdb5-6 1.10.1+dfsg-5 ii libkeyutils1 1.5.5-7 ii libkrb5-3 1.10.1+dfsg-5 ii libkrb5support0 1.10.1+dfsg-5 ii libverto1 0.2.2-1 ii lsb-base 4.1+Debian9 krb5-kdc recommends no packages. Versions of packages krb5-kdc suggests: ii krb5-admin-server 1.10.1+dfsg-5 ii krb5-kdc-ldap 1.10.1+dfsg-5 ii openbsd-inetd [inet-superserver] 0.20091229-2 -- debconf information: * krb5-kdc/debconf: true * krb5-kdc/run-krb524: false * krb5-kdc/krb4-mode: disable krb5-kdc/purge_data_too: false
--- End Message ---
--- Begin Message ---Control: notfound -1 krb5/1.10.1+dfsg-5 Closing this bug by submitter request.
--- End Message ---
