I'm not really mastering Heimdal just yet so I'd like to be sure I'm
not wrong. But for instance the iprop configuration guide IMO is
incomplete.
https://www.h5l.org/manual/HEAD/info/heimdal/Incremental-propagation.ht
ml
"Then you need to create those principals that you added in the
> On Aug 6, 2018, at 3:52 AM, ASV wrote:
>
> There are sections which are scarcely written and perhaps not even
> correct (like the incremental propagation one).
If you could be a bit more specific, (and as Jeff says open an
issue on Github) we might be able to address some of the most
You're right, I've been reading a lot the MIT documentation because the
Heimdal one is not very good. I made the wrong assumption that also the
acl file syntax was the same, sorry.
By the way, Heimdal is a pretty old project at this point in time but
it doesn't seem to be very actively maintained.
> On Aug 5, 2018, at 5:58 PM, ASV wrote:
>
> For example I'm changing the password of a...@bla.net and the principle
> IS in the acl file as:
> a...@bla.net c (or C which should deny it)
You're reading the MIT Kerberos documentation for the kadmind.acl
file. In heimdal the syntax is
Now doesn't crash finally but works only if the principal is not
specified in the kadmind.acl file.
For example I'm changing the password of a...@bla.net and the principle
IS in the acl file as:
a...@bla.netc (or C which should deny it)
the result is
FROM SERVER:
Aug 5 23:47:59 kdc-core-01
Awesome! I'll modify it manually as it's gonna take some time to get
into the OpenBSD ports anyway.
Thanks.
On Sun, 2018-08-05 at 16:01 -0400, Viktor Dukhovni wrote:
> https://github.com/heimdal/heimdal/commit/dd249257e397a26c48164122c89
> 2c96a10b64c44
> On Aug 5, 2018, at 3:58 PM, ASV wrote:
>
> Anyway, looking forward for the patch. I'm glad I've helped the project
> somehow. Thanks a lot for your time and responsiveness.
https://github.com/heimdal/heimdal/commit/dd249257e397a26c48164122c892c96a10b64c44
--
Viktor.
My kadmind.acl is not tuned at all, I've just given full power to the
users listed using different forms for testing as this is not a
production environment yet.
According to the manual:
* is the same as x
x is a short for admcilsp. All privileges (except e)
vaxx...@bla.net *
vaxx...@bla.net
> On Aug 5, 2018, at 12:33 PM, ASV wrote:
>
> Here we go:
>
> (gdb) frame 2
> #2 0x1fe05dc02bfb in change (auth_context=0x1fe261682080,
> admin_principal=0x1fe318614860, version=65408, s=8, sa=0x7f7e0968,
> sa_size=16, in_data=0x7f7e0310) at kpasswdd.c:410
> 410 ret =
Here we go:
(gdb) frame 2
#2 0x1fe05dc02bfb in change (auth_context=0x1fe261682080,
admin_principal=0x1fe318614860, version=65408, s=8, sa=0x7f7e0968,
sa_size=16, in_data=0x7f7e0310) at kpasswdd.c:410
410 ret = kadm5_s_chpass_principal_cond (kadm5_handle, principal, 1,
On Aug 5, 2018, at 5:20 AM, ASV wrote:
>
> Good morning,
> this looks more exhaustive to me. :)
You have debugging symbols in the "kpasswdd" executable, but NOT in the
libkadm5srv.so library. Please also install the re-compiled library and
rerun the test, but first:
> (gdb) bt
> #0
Good morning,
this looks more exhaustive to me. :)
(gdb) r
Starting program: /usr/local/heimdal/libexec/kpasswdd
Program received signal SIGSEGV, Segmentation fault.
0x1fe263d185d6 in change () from /usr/local/heimdal/lib/libkadm5srv.so.3.0
Current language: auto; currently minimal
(gdb) bt
Thank you Antoine,
I'll try and post the results ASAP.
On Sat, 2018-08-04 at 23:01 +0200, Antoine Jacoutot wrote:
> > > Presumably you did not install an executable with the debug
> > > symbols.
> >
> > About this I do not know what to say, I've seen the CFLAGS in the
> > compiling output lines
> > Presumably you did not install an executable with the debug symbols.
>
> About this I do not know what to say, I've seen the CFLAGS in the
> compiling output lines and I even posted in the email.
> I will try again as soon as I can.
If you build from ports, add INSTALL_STRIP="" to your make
> On Aug 4, 2018, at 3:28 PM, ASV wrote:
>
> I think that I finally got it, did I?
Still no symbols, but yes, you got the instruction decode.
> Program received signal SIGSEGV, Segmentation fault.
> 0x07fe9c69d5d6 in change () from /usr/local/heimdal/lib/libkadm5srv.so.3.0
> Current
I think that I finally got it, did I?
Program received signal SIGSEGV, Segmentation fault.
0x07fe9c69d5d6 in change () from /usr/local/heimdal/lib/libkadm5srv.so.3.0
Current language: auto; currently minimal
(gdb) bt
#0 0x07fe9c69d5d6 in change () from
> On Aug 4, 2018, at 2:36 PM, ASV wrote:
>
> You've been 23 secs faster to reply than me to correct the email with
> the wrong output! :D
>
> So, the correct one has been sent already. About the source code, well
> I've tried with both but the upstream didn't compile so I'll stick to
> the
On Aug 4, 2018, at 2:05 PM, ASV wrote:
> On Fri, 2018-08-03 at 14:05 -0400, Viktor Dukhovni wrote:
>>> On Aug 3, 2018, at 1:43 PM, ASV wrote:
>>>
>>> No, no crashes using "kadmin -l".
>>
>> This shows that "kadmin" and the libkadm5srv.so library work fine.
>>
>> Which libraries is "kadmin"
You've been 23 secs faster to reply than me to correct the email with
the wrong output! :D
So, the correct one has been sent already. About the source code, well
I've tried with both but the upstream didn't compile so I'll stick to
the OpenBSD one from ports.
On Sat, 2018-08-04 at 14:04 -0400,
Please DISCARD the previous email where I've erroneously posted the
libraries linked to kpasswd and not to kpasswdd.
On Fri, 2018-08-03 at 14:05 -0400, Viktor Dukhovni wrote:
> > On Aug 3, 2018, at 1:43 PM, ASV wrote:
> >
> > No, no crashes using "kadmin -l".
>
> This shows that "kadmin" and
> On Aug 4, 2018, at 1:43 PM, ASV wrote:
>
> On Fri, 2018-08-03 at 14:05 -0400, Viktor Dukhovni wrote:
>>> On Aug 3, 2018, at 1:43 PM, ASV wrote:
>>>
>>> No, no crashes using "kadmin -l".
>>
>> This shows that "kadmin" and the libkadm5srv.so library work fine.
>>
>> Which libraries is
On Fri, 2018-08-03 at 14:05 -0400, Viktor Dukhovni wrote:
> > On Aug 3, 2018, at 1:43 PM, ASV wrote:
> >
> > No, no crashes using "kadmin -l".
>
> This shows that "kadmin" and the libkadm5srv.so library work fine.
>
> Which libraries is "kadmin" linked with (post ldd output)?
# ldd
> On Aug 3, 2018, at 1:43 PM, ASV wrote:
>
> No, no crashes using "kadmin -l".
This shows that "kadmin" and the libkadm5srv.so library work fine.
Which libraries is "kadmin" linked with (post ldd output)?
Which libraries is "kpasswdd" linked with (post ldd output) and make
sure you're
No, no crashes using "kadmin -l". Crashes always using kpasswd from a remote
machine or directly on the KDC itself.
With "it worked well" I was just referring to the fact that "kadmin -l cpw ..."
doesn't work when kpasswdd is down and it doesn't give any error output,
surprisingly. Once the
> On Aug 3, 2018, at 5:27 AM, ASV wrote:
>
> Changing password as suggested (kadmin -l cpw ...) works
No crashes, right? Modulo authentication of the user, UDP transport, ...
ultimately "kadmin -l cpw" and "kpasswd" should end up calling the
same change() function in much the same way.
>
Hello and thanks for your time.
Changing password as suggested (kadmin -l cpw ...) works even if I've realised
that at my first attempt kpasswdd was still down (since yesterday) and I wasn't
notified about any failure straight away (only the daemon logs on
authlog...when is up), it just
> On Aug 2, 2018, at 12:33 PM, ASV wrote:
>
> Program received signal SIGSEGV, Segmentation fault.
> 0x1db26a5615d6 in change () from
> /usr/local/heimdal/lib/libkadm5srv.so.3.0
> Current language: auto; currently minimal
> (gdb) The program is running. Exit anyway? (y or n) n
> Not
27 matches
Mail list logo