Good morning,
this looks more exhaustive to me. :)
(gdb) r
Starting program: /usr/local/heimdal/libexec/kpasswdd
Program received signal SIGSEGV, Segmentation fault.
0x1fe263d185d6 in change () from /usr/local/heimdal/lib/libkadm5srv.so.3.0
Current language: auto; currently minimal
(gdb) bt
Thank you Antoine,
I'll try and post the results ASAP.
On Sat, 2018-08-04 at 23:01 +0200, Antoine Jacoutot wrote:
> > > Presumably you did not install an executable with the debug
> > > symbols.
> >
> > About this I do not know what to say, I've seen the CFLAGS in the
> > compiling output lines
Here we go:
(gdb) frame 2
#2 0x1fe05dc02bfb in change (auth_context=0x1fe261682080,
admin_principal=0x1fe318614860, version=65408, s=8, sa=0x7f7e0968,
sa_size=16, in_data=0x7f7e0310) at kpasswdd.c:410
410 ret = kadm5_s_chpass_principal_cond (kadm5_handle, principal, 1,
On Aug 5, 2018, at 5:20 AM, ASV wrote:
>
> Good morning,
> this looks more exhaustive to me. :)
You have debugging symbols in the "kpasswdd" executable, but NOT in the
libkadm5srv.so library. Please also install the re-compiled library and
rerun the test, but first:
> (gdb) bt
> #0
> On Aug 5, 2018, at 12:33 PM, ASV wrote:
>
> Here we go:
>
> (gdb) frame 2
> #2 0x1fe05dc02bfb in change (auth_context=0x1fe261682080,
> admin_principal=0x1fe318614860, version=65408, s=8, sa=0x7f7e0968,
> sa_size=16, in_data=0x7f7e0310) at kpasswdd.c:410
> 410 ret =
Now doesn't crash finally but works only if the principal is not
specified in the kadmind.acl file.
For example I'm changing the password of a...@bla.net and the principle
IS in the acl file as:
a...@bla.netc (or C which should deny it)
the result is
FROM SERVER:
Aug 5 23:47:59 kdc-core-01
> On Aug 5, 2018, at 5:58 PM, ASV wrote:
>
> For example I'm changing the password of a...@bla.net and the principle
> IS in the acl file as:
> a...@bla.net c (or C which should deny it)
You're reading the MIT Kerberos documentation for the kadmind.acl
file. In heimdal the syntax is
> On Aug 5, 2018, at 3:58 PM, ASV wrote:
>
> Anyway, looking forward for the patch. I'm glad I've helped the project
> somehow. Thanks a lot for your time and responsiveness.
https://github.com/heimdal/heimdal/commit/dd249257e397a26c48164122c892c96a10b64c44
--
Viktor.
My kadmind.acl is not tuned at all, I've just given full power to the
users listed using different forms for testing as this is not a
production environment yet.
According to the manual:
* is the same as x
x is a short for admcilsp. All privileges (except e)
vaxx...@bla.net *
vaxx...@bla.net
Awesome! I'll modify it manually as it's gonna take some time to get
into the OpenBSD ports anyway.
Thanks.
On Sun, 2018-08-05 at 16:01 -0400, Viktor Dukhovni wrote:
> https://github.com/heimdal/heimdal/commit/dd249257e397a26c48164122c89
> 2c96a10b64c44
10 matches
Mail list logo