[Bug 235170] Re: general protection fault in libpam-heimdal/sshd

[ooboyle]

Update:

After some more investigation, I got it to work in a specific situation.
SSH will not segfault and it will not produce an Access Denied message
if the following is true:

1) An /etc/krb5.conf file exists with a "default_realm = <yourrealmname>" entry in the [libdefaults] section.
2) There is no "pam {<youroptions>}" in the [appdefaults] section of the /etc/krb5.conf file.

Observations:

a) The mere existence of a "pam {<youroptions>}" entry in /etc/krb5.conf causes the segfault.
b) The lack of any /etc/krb5.conf file causes the Access Denied message.

Without an /etc/krb5.conf file, Heimdal Kerberos is supposed to be able
to glean this information from DNS if it exists. As such, in an Active
Directory environment, there should be no issues here because the
necessary  information is always available. To make extra sure, I added
a _kerberos TXT record pointing to my realm because this isn't normally
visible in MS DNS by default. This made no difference.

It's still not clear to me why an explicit mention of the default realm
is required in the krb5.conf file when this information is available via
DNS. Perhaps someone else has an idea?

Oliver

-- 
general protection fault in libpam-heimdal/sshd
https://bugs.launchpad.net/bugs/235170
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs at lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs