FYI, the git repository has been reorganized now that upstream has
moved to git.
See experimental branch of
git://git.debian.org/git/pkg-k5-afs/debian-krb5-2013.git
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to krb5 in Ubuntu.
** Bug watch added: Debian Bug tracker #631106
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631106
** Also affects: krb5 (Debian) via
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631106
Importance: Unknown
Status: Unknown
--
You received this bug notification because you
*** This bug is a duplicate of bug 874130 ***
https://bugs.launchpad.net/bugs/874130
** This bug has been marked a duplicate of bug 874130
Canonicalize fallback only works for different realm (MITKRB RT #6917)
--
You received this bug notification because you are a member of Ubuntu
Russ, I thought that they were listed in the admin info pages too.
however, while I see a bunch of examples, searching for the string hmac
in the sources to the admin guide, I don't actually find a complete list
of the encryption types anywhere.
Am I missing something?
--
You received this bug
They are in fact in support-enc.texinfo.
OK.
So, to the extent there is a bug it's that kdc.conf's manpage doesn't
tell you to go look at the admin guide.
I don't think we want to duplicate the information.
--
You received this bug notification because you are a member of Ubuntu
Server Team,
J == J Sadler 900...@bugs.launchpad.net writes:
J You may want to reconsider adding it to kdc.conf's man page. I
J don't believe that in a normal client install that you would get
J the admin guide. Don't you only get it if you install the admin
J packages?
1) It's in
Micah == Micah Gersten launch...@micahscomputing.com writes:
Micah This is due to this bug in Debian:
Micah http://bugs.debian.org/cgi- bin/bugreport.cgi?bug=650541
Micah Apparently a private symbol somehow was exported and ended up
Micah breaking upgrades to the new krb5, so
I'd definitely take a look at what hostname --fqdn returns on all the
machines.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to krb5 in Ubuntu.
https://bugs.launchpad.net/bugs/913166
Title:
kprop will not find slave-kdc
To manage
I suspect that you have a version of libgssapi-krb5-2 different than
libkrb5-dbg
can you try
aptitude reinstall libgssapi-krb5-2 libkrb5-dbg and see if the messages
change?
status incomplete
importance low
** Changed in: krb5 (Ubuntu)
Importance: Undecided = Low
** Changed in: krb5
OK, setting your status back to new.
I don't have permission to propose an upload to lucid to fix this.
status new
** Changed in: krb5 (Ubuntu)
Status: Incomplete = New
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to krb5
Old stash files are in fact byte order and probably but I'm not sure
word size dependent. Look at the add_mkey command to kdb5_util. I
think if you add a new master key and write it out to a new keytab
format stash file then all should be well.
If the database was created with 1.9.1 then I
take a look at upstream commit 6e83d0bd31721ac86003530dd2450221dd05d0c2
These functions were added later and were used by a Mac-specific project
that had a different export list. I'm fairly sure this is simply an
upstream bug and the symbols should be exported.
--
You received this bug
** Bug watch added: krbdev.mit.edu/rt/ #7135
http://krbdev.mit.edu/rt/Ticket/Display.html?id=7135
** Also affects: kerberos via
http://krbdev.mit.edu/rt/Ticket/Display.html?id=7135
Importance: Unknown
Status: Unknown
** Also affects: krb5 (Ubuntu)
Importance: Undecided
The problem is far deeper than the socket binding. The gssrpc library
doesn't support v6 at all in this version of krb5. Fixed in 1.9.
** Also affects: krb5 (Debian) via
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=624710
Importance: Unknown
Status: Unknown
--
You received this
So, fixing this particular bug in krb5-rsh-server is almost certainly
relatively easy. Fixing krb5-rsh-server to use PAM directly is more
involved; it should be done, but there is not a lot of resources going
into krb5-rsh-server and krb5-clients at the moment. Upstream split
these into the
Tom == Tom Yu t...@mit.edu writes:
Tom This bug originates from a Debian patch to krb5-1.8 that adds
Tom IPv6 support to kpropd. The Debian version of krb5-1.9 doesn't
Tom have this problem. It is probably not difficult to fix Debian's
Tom krb5-1.8 patch, but this should probably
Hi. What's going on here is that it seems there are cases where on
process exit, ld.so will destruct the plugins before it destructs the
dlopening library. So it sets m_inited to 0. But as part of its
finalizer the library tries to clean up its resources, and dlcloses the
plugins. Getting you
Stefan, I've prepared packages that should fix the problem available at
https://launchpad.net/~hartmans/+archive/ubuntu-fixes
that page includes instructions on how to add the archive to your system.
After you do that please update at least libgssapi-krb5-2 and let us know
whether it fixes
Did you update moonshot-gs-eap?,
There's a bad version the produce is that
Stefan Paetow stefan.pae...@diamond.ac.uk wrote:
Sam, I now get a segfault in gss-server:
Reading symbols from /usr/bin/gss-server...(no debugging symbols
found)...done.
(gdb) set args -verbose host@localhost
(gdb) run
OK, that's probably the cause of the segfault.
I've deleted the broken packages from our debian and ubuntu archives.
Unfortunately getting fixed packages to reappear is a bit annoying at
the moment.
The packages in
http://repository.project-moonshot.org/debian-moonshot/pool/main/m/moonshot-gss-eap
Stefan == Stefan Paetow stefan.pae...@diamond.ac.uk writes:
Stefan Ok, I've reinstalled the moonshot libraries, the error has
Stefan gone away and there are no more segfaults.
OK.
So, if I'm understanding correctly the libgssapi-krb5-2 from my PPA did
fix the problem.
There was a
This bug also exists in Debian; here's a patch I'll upload in a future
Debian krb5 version that will eventually make its way into Ubuntu.
** Patch added:
0001-Fix-default-location-of-kpropd.acl-in-kpropd.M-LP-68.patch
I'm not against including a patch in the Debian package to reduce Ubuntu
deltas. I want to make sure that things continue to work if inserv is
used as that's where Debian is going. If we can preserve that, I think
that having a patch mostly intended for Ubuntu is fine.
--
You received this bug
Mark == Mark Deneen 715...@bugs.launchpad.net writes:
Mark I built 1.8.3 from the natty source package, but the problem
Mark still exists in that version.
If you're comfortable trying a package out of my PPA (I'm the Debian
krb5 maintainer and a member of the upstream core team)
Take a
Mark == Mark Deneen 715...@bugs.launchpad.net writes:
Mark Sam, I'll give it a shot. -- You received this bug
Mark notification because you are subscribed to krb5 in ubuntu.
Mark https://bugs.launchpad.net/bugs/715579
I'm sorry I asked you to do this.
I didn't see your note that
** Changed in: krb5 (Ubuntu)
Status: New = In Progress
** Changed in: krb5 (Ubuntu)
Assignee: (unassigned) = Sam Hartman (hartmans)
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to krb5 in ubuntu.
https://bugs.launchpad.net
This bug is being fixed for Debian; I hope to get into a squeeze update.
Note that Ubuntu probably wants all the other things in the upcoming
1.8.3+dfsg-5 stable Debian update.
However I'm attaching the two patches for this issue.
--
You received this bug notification because you are a member
This bug is being fixed for Debian; I hope to get into a squeeze update.
Note that Ubuntu probably wants all the other things in the upcoming
1.8.3+dfsg-5 stable Debian update.
However I'm attaching the two patches for this issue.
** Patch added: 0001-ticket-6876.patch
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=616728
Importance: Unknown
Status: Unknown
** Changed in: krb5 (Ubuntu)
Status: In Progress = Fix Committed
** Changed in: krb5 (Ubuntu)
Assignee: Sam Hartman (hartmans) = (unassigned)
--
You received this bug notification
I suspect what's going on here is that when
krb5_get_init_creds_set_out_ccache was added
the error reporting was bad.
I will attempt to look at this if no one gets there sooner.
take a look at the handling of out_ccahe in
src/lib/krb5/krb/get_in_tkt.c
--
You received this bug notification
Hi. I'm the Debian maintainer of the krb5 package. I think that
merging either 1.6.dfsg.4~beta1-13 or doing a sync of unstable to
Ubuntu would be a reasonable course of action. The 1.7~beta1 packages
are not something I'd ship in a final release: I know of one upstream
patch expected to be in
While it looks like 1.7 has very similar functionality to Likewise, the
implementation and exposed API seems unrelated. So, syncing krb5 1.7
will break Likewise until their code changes
--
Please merge krb5 1.7dfsg~beta1-3 (main) from Debian unstable (main)
1.7dfsg~beta1-4 includes a fix to a serious interop problem with
heimdal-kdc from universe and no other changes. Sync it instead
** Summary changed:
- Sync krb5 1.7dfsg~beta1-3 (main) from Debian unstable (main).
+ Sync krb5 1.7dfsg~beta1-4 (main) from Debian unstable (main).
--
Sync krb5
krb5-kdc intentiollay does not require update-inted and will function if
update-inetd is not available. If it is available, it will add an
example line to inetd.conf. I'm not usre what's up with the doc-base
errors: in Debian, krb5-doc does install and register with doc-base
--
Missing
As far as I can tell that was the only lintian error that represented
a real problem in the package.
--
Missing dependency on update-inetd and other issues
https://bugs.launchpad.net/bugs/374819
You received this bug notification because you are a member of Ubuntu
Server Team, which is
My guess is that the DES only checkbox is checked in your AD
configuration for the service account used by the Apache server. If you
clear that checkbox and generate a keytab including both RC4 and DES
keys then I suspect allow_weak_crypto will not be needed.
I'm sorry, but I do not have
In Debian unstable installing krb5-kdxc-ldap automatically changes the
order. This could be backported.
Clint Byrum cl...@fewbar.com wrote:
Since both services may depend on the other in ways that will break, we
can only support a default configuration.
The server guide currently does not have
Thanks, the following untested patch probably fixes.
This will make its way in in my next upload to Debian, where I'll test it.
From 19eab6834f793329a042279c5257bda12f2bed8e Mon Sep 17 00:00:00 2001
From: Sam Hartman hartm...@debian.org
Date: Tue, 3 Nov 2009 13:32:58 -0500
Subject: [PATCH
Peter == Peter Cordes pe...@cordes.ca writes:
Peter On Tue, Nov 03, 2009 at 06:34:23PM -, Sam Hartman wrote:
-Source: krb5 +8Source: krb5
Peter Is that a typo?
Yes, *sigh*
--
Installs symlinks to files in non-dependency libkadm5clnt6
https://bugs.launchpad.net/bugs/472080
The following patch is in karmic. It will cause things to work if a
password server has both v4 and v6 addresses and you have v4
connectivity.
I think the 1.7 server has v6 support, but I don't think the 1.7
client even has v6 support.
However, backporting this patch might make the problem
Chuck == Chuck Short chuck.sh...@canonical.com writes:
Chuck Thanks I was wondering how I can reproduce this? Regards
Chuck chuck
Set up openssh-krb5 on a server with a keytab
set GssapiKeyExchange to yes in sshd_config
set gssapiKeyExchange to yes in a client config.
Set the replay
This has been fixed upstream; I will be fixing for Debian shortly.
** Changed in: krb5 (Ubuntu)
Status: New = Confirmed
** Bug watch added: Debian Bug tracker #557979
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=557979
** Also affects: krb5 (Debian) via
I released 1.7+dfsg-3 to Debian unstable. That includes a fix to this
bug. I'd recommend that Ubuntu sync that version into a karmic update
once it hits squeeze in order to address this issue. The code changes
between what's in karmic now and 1.7+dfsg-3 are all reasonably
important bug fixes
Evan == Evan Broder bro...@mit.edu writes:
Evan This shouldn't be a problem. We're still in sync phase for
Evan Ubuntu Lucid, so the new krb5 package will get automatically
Evan pulled in when it hits Debian testing.
I understand that. The user proposed and I agree at least that
Evan == Evan Broder bro...@mit.edu writes:
Evan I think the patch is a little extensive to be directly
Evan uploaded as a Karmic SRU, but I'll look at pulling a SRU
Evan patch together for just the bugfixes.
If you don't want to take the full patch, then take a look at
Colin == Colin Whittaker co...@netech.ie writes:
Colin I built new packages based on Evan's debdiff and have
Colin deployed them. This removed all the impact we were seeing
Colin with single password errors causing account lockout.
Colin This bug has massive impact on user
See R23482 in upstream subversion; upstream bug 6594
--
credentials cache file not created
https://bugs.launchpad.net/bugs/507490
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to krb5 in ubuntu.
--
Ubuntu-server-bugs mailing list
Russ == Russ Allbery r...@debian.org writes:
Russ Jochen jradmac...@gmx.de writes:
After upgrading the krb5 libraries to 1.8 I could not mount my
Kerberized NFS4 shares. The following error Message is in the
syslog for every mount attempt:
rpc.gssd[1298]: rpcsec_gss:
for unstable or simply
wait for this to hit testing and do an automatic sync.
Attached is the Debian patch for this issue:
commit 2a663b1c184ec10a450b2709bb7525447bb99bac
Author: Sam Hartman hartm...@debian.org
Date: Fri Jan 22 17:13:51 2010 -0500
subject: krb5int_fast_free_state segfaults if state
As Debian maintiner I strongly support this sync request. There are
additional upstream fixes that you can examine from the Debian git
repository. All of these will be included in upstream 1.8. Upstream is
quite conservative about what changes are approved at this point in the
process.
--
even at this point in the process.
Changelog entries since current lucid version 1.8+dfsg~alpha1-7ubuntu1:
krb5 (1.8.1+dfsg-2) unstable; urgency=high
* Fix crash in renewal and validation, Thanks Joel Johnson for such a
prompt bug report, Closes: #577490
-- Sam Hartman hartm
Mathias == Mathias Gug math...@ubuntu.com writes:
Mathias To really make sure things are not broken, we'd have to
Mathias look at packages started to use krb5_init_creds_step in
Mathias lucid and make sure they're using the flags in the correct
Mathias order.
Yes, but I think
I don't see a upstream krb5 bug for this issue.
I would recommend against applying this patch until someone familiar
with the SPNEGO security model and the code has evaluated it.
Basically, certain versions of Windows produce bad SPNEGO tokens. It's
appropriate to ignore these in some
As best I can tell, the behavior of the patch is explicitly forbidden by
RFC 4178 section 5; see II under clause B and C. However, I'll admit
that the behavior described in Appendix C does not seem consistent with
what I remember for Windows 2000... Perhaps that's only the Windows
behavior for
OK, here's where this stands.
We've been discussing on #krbdev, the upstream krb5 IRC channel.
We agree that ignoring a MIC token that is an exact copy of the response
token is security neutral and it looks like both upstream and I are
comfortable making a change to do that even though it seems to
jean-yves == jean-yves chateaux jean-
yves.chate...@sagemcom.com writes:
jean-yves The errors are the results of MIT resolution to exclude
jean-yves DES/DES3 from the supported enctypes (security reasons).
jean-yves The parameter allow_weak_crypto = true should be added
jean-yves
The Kerberos Consortium has a paper on integrating Kerberos into an
application; see http://www.kerberos.org/software/appskerberos.pdf .
I believe that the lucid behavior is correct according to MIT's
documentation: what should be happening is that
* with rdns=true (default), both forward and
Well, everything should work fine if you make your DNS consistent.
Honestly if I was going to make a behavior change here I'd have Firefox
call gss_import_name with a name type that does not involve resolution.
--Sam
--
krb5 prefers the reverse pointer no matter what for locating service
Jesper == Jesper Krogh jes...@krogh.cc writes:
Jesper Hi Russ. I cannot say anything about what other are
Jesper Would a patch that makes the behaviour configurable be
Jesper acceptable?
I think that this patch should be accepted only if upstream is
interested in the patch. Given
In terms of work arounds, if your KDC is an AD KDc, you can add the
final hostnames as ServicePrincipalName attributes on AD for the account
in question. That should make things work either for a Windows server
or for a 1.7+ MIT server.
If your KDC is Unix you can add principals for the final
jean-yves == jean-yves chateaux jean-
yves.chate...@sagemcom.com writes:
If Allow_weak_crypto = true is making things work better with
Windows,
jean-yves something is broken somewhere else to cause this.
jean-yves Without this parameter in krb5.conf the auth against the
J == J Bruce Fields bfie...@fieldses.org writes:
J We're adding an API to krb5 to fix this for OpenAFS. Because of
J the way the API is constructed, it's very difficult for GSSD to
J actually call it.
J Do you have a pointer to the details?
/* Allows the appplication to
Gerald == Gerald Carter je...@plainjoe.org writes:
Gerald I think Sam is wanting to know if likewise has submitted the
Gerald patch to upstream MIT krb5. If that is the case, I'll check
Gerald on the state of things and update the bug report.
That is. Early on you mentioned you
Thierry == Thierry Carrez thierry.car...@ubuntu.com writes:
Thierry @Sam: let me know if you feel comfortable applying that
Thierry patch now. Once it's fixed in sid/maverick, I'll push a SRU
Thierry for lucid.
Sure. I will attempt to get to it this weekend.
Anything you want me to
Not criticising here, but asking.
At a level deeper than it causes apt to work correctly, why is adding
replaces a reasonable fix?
Nothing in libkdb5-7 actually replases libkadm5-mit8
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to
Martin == Martin Pitt martin.p...@ubuntu.com writes:
No complains at all.
I was just hoping to learn from you guys.
I actually probably want this delta for wheezy-jessie.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to krb5 in
Public bug reported:
There's a bug fixed in krb5 1.12.1+dfsg-2 (just uploaded to Debian) where if a
gss-api mechanism is dynamically loaded, and that mechanism uses symbols from
libgssapi_krb5, and doesn't provide certain optional entry points added in krb5
1.12, then calling one of those
Marking confirmed because I started tracking this down based on a report
to the Moonshot project from Rhys Smith which ended up being this issue.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to krb5 in Ubuntu.
Luke == Luke Howard lu...@padl.com writes:
Luke How about grabbing this commit from browserid: commit
Luke e51f544e6c0b92c88163d1b0f4ae110869abf070 Author: Luke Howard
Luke lu...@padl.com Date: Thu Oct 24 18:10:24 2013 -0700
That's something to consider for the specific case of
I've built the linked branch in ppa:hartmans/ubuntu-fixes for trusty.
With these packages installed and the attached radsec.conf installed as
/usr/local/etc/radsec.conf, then gss-server starts correctly as expected.
Without radsec.conf installed it prints an error about being unable to acquire
Here's the patch from debian krb5 1.12.1+dfsg-2
** Patch added: 0014-Do-not-loop-on-add_cred_from-and-other-new-methods.patch
https://bugs.launchpad.net/ubuntu/+source/krb5/+bug/1326500/+attachment/4125522/+files/0014-Do-not-loop-on-add_cred_from-and-other-new-methods.patch
--
You received
** Changed in: krb5 (Ubuntu)
Status: New = Invalid
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to krb5 in Ubuntu.
https://bugs.launchpad.net/bugs/1332985
Title:
Add the krb5-send-pr command to the ubuntu package
To manage
Since I'd really like to see the gss infinite loop patch into trusty
I'm going to update the branch for that to also include this fix and
build packages.
Expect a branch link in a few minutes.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is
See https://launchpad.net/~hartmans/+archive/ubuntu-fixes packages
building. I had to upload with a different version number on the branch
because that ppa already had a krb5 build.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to
With the upload of krb5 1.12.1+dfsg-3ubuntu1 to utopic, this is fixed in
utopic. Any additional help I can provide getting this into trusty?
** Changed in: krb5 (Ubuntu)
Status: Triaged = Fix Released
--
You received this bug notification because you are a member of Ubuntu
Server Team,
I'm happy to upload a new krb5 to debian so you can sync it if you want
that approach.
I'm also happy if Ubuntu wants to go with a binary rebuild of krb5.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to krb5 in Ubuntu.
Please see https://launchpad.net/~hartmans/+archive/ubuntu/krb5 for
trusty packages that should fix the problem.
Can I get confirmation from Tom or someone else that without these
packages trusty fails the reproduce test in comment #1 and with them, it
succeeds the test proposed in comment #1?
I'm sorry, can I get someone to test the packages at
https://launchpad.net/~hartmans/+archive/ubuntu/ubuntu-fixes
not the URI I gave in the previous message.
I pulled the wrong PPA off my home page.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is
** Description changed:
- In some conditions, propagating a kerberos database to a slave KDC server can
stall.
+ In some conditions, propagating a kerberos database to a slave KDC server or
performing other database operations can stall. As we've investigated the
issue, it looks like a
hi.
If I'm understanding the SRU procedure correctly,
I think we need to get someone to review the referenced bug for
inclusion in trusty.
https://bugs.launchpad.net/gcc/+bug/1347147
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to
Sam == Sam Hartman hartm...@debian.org writes:
Sam hi. If I'm understanding the SRU procedure correctly, I think
Sam we need to get someone to review the referenced bug for
Sam inclusion in trusty.
Sorry, launchpad strips more mail headers than I thought it did.
That was sent
debdiff included
** Patch added: debdiff between current trusty and linked branch
https://bugs.launchpad.net/gcc/+bug/1347147/+attachment/4166949/+files/krb5-trusty-stable.debdiff
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to
to TAILQ macros instead of CIRCLEQ macros,
to work around an issue with certain gcc versions. This is expected to
resolve Ubuntu bug (LP: #1347147).
[ Sam Hartman ]
* Include a quick and dirty patch so we build cleanly with -O3 fixing
incorrect may be uninitialized warnings
I've request a krb5 sync from debian unstable in
https://bugs.launchpad.net/bugs/1352438 that should fix this issue and
include some needed security fixes in utopic.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to krb5 in Ubuntu.
This is fixed in Debian in 1.12.1+dfsg-87, currently in unstable. The
only change between -6 (utopic) and -7 is the fix to this bug.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to krb5 in Ubuntu.
*** This bug is a security vulnerability ***
Public security bug reported:
Fix LDAP key data segmentation [CVE-2014-4345]
For principal entries having keys with multiple kvnos (due to use of
-keepold), the LDAP KDB module makes an attempt to store all the keys
having the
Here's an ubdated debdiff that includes the security update applied to
trusty. I'm still waiting for a sponsor for this.
** Patch removed: debdiff between current trusty and linked branch
Robie == Robie Basak 1347...@bugs.launchpad.net writes:
Robie Thanks Sam. I'm sorry I can't sponsor krb5, only triage the
Robie bug and guide it through to sponsorship. It looks like you
Robie know what you're doing here, so I guess we'll just need to
Robie wait for a sponsor to
Hi. Here's the rationale behind the krb5-kdc krb5-kadmin-server split.
The krb5-kdc package includes the things you'd need on a traditional slave KDC.
One of the key things about a slave KDC is that the database is read-only.
The slave is not making any changes to the database, locally or
Iain == Iain Lane i...@orangesquash.org.uk writes:
Iain Thanks Sam, I've uploaded krb5. ** Changed in: krb5 (Ubuntu
Iain Trusty) Status: Triaged = In Progress
Hi.
I haven't seen this hit proposed yet.
Is that expected? What is the next step?
--
You received this bug notification
I enabled proposed, confirmed that as I described in the initial test case
gss-server segfaults with 1.12+dfsg-2ubuntu4. Then I installed
libgssapi-krb5-2 from trusty-proposed. That pulled in most of the other krb5
packages as I'd expect all version 1.12+dfsg-2ubuntu5.
I ran gss-server and it
** Tags removed: verification-needed
** Tags added: verification-done
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to krb5 in Ubuntu.
https://bugs.launchpad.net/bugs/1326500
Title:
libgssapi-krb5-2: segfault when mechglue loops
To test:
Install precise.
On precise, enable multiple architectures (say amd64 and i386)
install libkadm5srv-mit8.
Update your sources.list to trusty, try installing libkadm5srv-mit8.
I'd expect that to fail.
Update your sources.list to also include trusty-proposed.
Upgrade libkadm5srv-mit8;
This has been fixed upstream; I will be fixing for Debian shortly.
** Changed in: krb5 (Ubuntu)
Status: New = Confirmed
** Bug watch added: Debian Bug tracker #557979
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=557979
** Also affects: krb5 (Debian) via
I released 1.7+dfsg-3 to Debian unstable. That includes a fix to this
bug. I'd recommend that Ubuntu sync that version into a karmic update
once it hits squeeze in order to address this issue. The code changes
between what's in karmic now and 1.7+dfsg-3 are all reasonably
important bug fixes
Evan == Evan Broder bro...@mit.edu writes:
Evan This shouldn't be a problem. We're still in sync phase for
Evan Ubuntu Lucid, so the new krb5 package will get automatically
Evan pulled in when it hits Debian testing.
I understand that. The user proposed and I agree at least that
Evan == Evan Broder bro...@mit.edu writes:
Evan I think the patch is a little extensive to be directly
Evan uploaded as a Karmic SRU, but I'll look at pulling a SRU
Evan patch together for just the bugfixes.
If you don't want to take the full patch, then take a look at
Colin == Colin Whittaker co...@netech.ie writes:
Colin I built new packages based on Evan's debdiff and have
Colin deployed them. This removed all the impact we were seeing
Colin with single password errors causing account lockout.
Colin This bug has massive impact on user
The following patch is in karmic. It will cause things to work if a
password server has both v4 and v6 addresses and you have v4
connectivity.
I think the 1.7 server has v6 support, but I don't think the 1.7
client even has v6 support.
However, backporting this patch might make the problem
Chuck == Chuck Short chuck.sh...@canonical.com writes:
Chuck Thanks I was wondering how I can reproduce this? Regards
Chuck chuck
Set up openssh-krb5 on a server with a keytab
set GssapiKeyExchange to yes in sshd_config
set gssapiKeyExchange to yes in a client config.
Set the replay
1 - 100 of 219 matches
Mail list logo
