[Bug 715579] Re: krb5-kdc-ldap plugin crashes krb5-kdc sometimes when password policy is set
Jamie Strandboge
jamie at ubuntu.com
Fri Oct 21 19:38:02 UTC 2011
This should be fixed with http://www.ubuntu.com/usn/usn-1233-1/
** Changed in: krb5 (Ubuntu)
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to krb5 in Ubuntu.
https://bugs.launchpad.net/bugs/715579
Title:
krb5-kdc-ldap plugin crashes krb5-kdc sometimes when password policy
is set
Status in “krb5” package in Ubuntu:
Fix Released
Bug description:
Binary package hint: krb5-kdc
I have a krb5kdc server running, using openldap as a data store. This
works great and, for most clients, it is fine. I have a password
policy set as follows:
krbMaxPwdLife: 3628800
krbMinPwdLife: 0
krbPwdMinDiffChars: 1
krbPwdMinLength: 6
krbPwdHistoryLength: 3
krbPwdMaxFailure: 20
krbPwdFailureCountInterval: 0
krbPwdLockoutDuration: 8
I have a zimbra server running, configured to use kerberos5 for authentication. This appears to be working. I left a mail client (Thunderbird) running, periodically checking for new messages. After a few hours, krb5kdc crashed. I ran it through strace and found the following:
krb5kdc: ../../../../../ src/plugins/kdb/ldap/libkdb_ldap/lockout.c:161: krb5_ldap_lockout_audit: Assertion '!locked_check_p(context, stamp, max_fail, lockout_duration, entry)' failed..
I took a peek at the code, but the assertion line didn't mean that
much to me. It did point me to the krbPwdLockoutDuration setting.
Looking at it now, I sure hope that it represents minutes.
Regardless, it shouldn't be possible to crash the KDC and I can now do
it very reliably. Any idea what the assertion is checking for and
what I can do to prevent this from happening?
ProblemType: Bug
DistroRelease: Ubuntu 10.04
Package: krb5-kdc-ldap 1.8.1+dfsg-2ubuntu0.4
ProcVersionSignature: Ubuntu 2.6.32-23.37-server 2.6.32.15+drm33.5
Uname: Linux 2.6.32-23-server x86_64
Architecture: amd64
Date: Tue Feb 8 22:53:43 2011
InstallationMedia: Ubuntu-Server 10.04 LTS "Lucid Lynx" - Release amd64 (20100427)
ProcEnviron:
PATH=(custom, no user)
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: krb5
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/krb5/+bug/715579/+subscriptions
More information about the foundations-bugs
mailing list