[Bug 715579] Re: krb5-kdc-ldap plugin crashes krb5-kdc sometimes when password policy is set

Jamie Strandboge jamie at ubuntu.com
Fri Oct 21 19:38:02 UTC 2011 

This should be fixed with http://www.ubuntu.com/usn/usn-1233-1/

** Changed in: krb5 (Ubuntu)
       Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to krb5 in Ubuntu.
https://bugs.launchpad.net/bugs/715579

Title:
  krb5-kdc-ldap plugin crashes krb5-kdc sometimes when password policy
  is set

Status in “krb5” package in Ubuntu:
  Fix Released

Bug description:
  Binary package hint: krb5-kdc

  I have a krb5kdc server running, using openldap as a data store.  This
  works great and, for most clients, it is fine.  I have a password
  policy set as follows:

  
  krbMaxPwdLife: 3628800
  krbMinPwdLife: 0
  krbPwdMinDiffChars: 1
  krbPwdMinLength: 6
  krbPwdHistoryLength: 3
  krbPwdMaxFailure: 20
  krbPwdFailureCountInterval: 0
  krbPwdLockoutDuration: 8

  
  I have a zimbra server running, configured to use kerberos5 for authentication.  This appears to be working.  I left a mail client (Thunderbird) running, periodically checking for new messages.  After a few hours, krb5kdc crashed.  I ran it through strace and found the following:

  
  krb5kdc:  ../../../../../ src/plugins/kdb/ldap/libkdb_ldap/lockout.c:161:  krb5_ldap_lockout_audit: Assertion '!locked_check_p(context, stamp, max_fail, lockout_duration, entry)' failed..

  I took a peek at the code, but the assertion line didn't mean that
  much to me.  It did point me to the krbPwdLockoutDuration setting.
  Looking at it now, I sure hope that it represents minutes.

  Regardless, it shouldn't be possible to crash the KDC and I can now do
  it very reliably.  Any idea what the assertion is checking for and
  what I can do to prevent this from happening?

  ProblemType: Bug
  DistroRelease: Ubuntu 10.04
  Package: krb5-kdc-ldap 1.8.1+dfsg-2ubuntu0.4
  ProcVersionSignature: Ubuntu 2.6.32-23.37-server 2.6.32.15+drm33.5
  Uname: Linux 2.6.32-23-server x86_64
  Architecture: amd64
  Date: Tue Feb  8 22:53:43 2011
  InstallationMedia: Ubuntu-Server 10.04 LTS "Lucid Lynx" - Release amd64 (20100427)
  ProcEnviron:
   PATH=(custom, no user)
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  SourcePackage: krb5

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/krb5/+bug/715579/+subscriptions

More information about the foundations-bugs mailing list