Package: krb5-kdc
Version: 1.10.1+dfsg-5
Severity: normal
Dear Kerberos Maintainer,
I now have two entirely unrelated systems with this behavior. It cropped up
about 3-4 weeks ago.
I doubt it's the KDC; I only know it's kerberos related. I honestly don't know
exactly what is the root cause, but it has something to do with apps that
authenticate using kerberos.
Both use Kerberos & LDAP, but are on entirely different networks (ie. home &
office), which are not connected.
When a user attempts to authenticate, the authenticating program then appears
to freeze, and consumes 100% CPU.
The following login programs have this behavior:
* getty
* KDM
* kinit
* kadmin (or does this just call kinit?)
* passwd (ie. to change password "Input Kerberos Password")
* netatalk (AFP Server daemon)
The behavior does not happen when using a user that is not authenticated using
Kerberos.
My home system is running Debian Sid, and its data is attached to this bug
report.
The office system is running Ubuntu 13.04 - it's not a Debian system, but I
believe the projects cooperate somewhat. I was surprised to see the exact same
behavior in Ubuntu.
/var/log/auth log shows something like:
Apr 30 21:02:48 pilot afpd[11401]: pam_krb5(netatalk:auth): (user ttelford)
krb_kuserok for user ttelford failed
Apr 30 21:02:48 pilot afpd[11401]: pam_krb5(netatalk:auth): failed
authorization check; logname=ttelford uid=0 euid=0 tty=afpd ruser=
rhost=sluggo.pariahzero.net
/var/log/kdc log shows:
pr 30 21:02:48 pilot.pariahzero.net krb5kdc[7096](info): AS_REQ (4 etypes {18
17 16 23}) 2001:1938:240:1000::1: NEEDED_PREAUTH: ttelf...@pariahzero.net for
krbtgt/pariahzero....@pariahzero.net, Additional pre-authentication required
Apr 30 21:02:48 pilot.pariahzero.net krb5kdc[7096](info): AS_REQ (4 etypes {18
17 16 23}) 2001:1938:240:1000::1: ISSUE: authtime 1367377368, etypes {rep=18
tkt=18 ses=18}, ttelf...@pariahzero.net for
krbtgt/pariahzero....@pariahzero.net
While the above log messages are from pam_krb5, unless I'm mistaken, kinit,
kadmin, and maybe the passwd change dialog do not use PAM.
If you have any tips on what I can to to narrow down the actual cause, I'd
appreciate it.
Additional Info:
KDC on 'home' system is a Debian 'Sid' System
KDC on 'office' system is an Ubuntu 12.04 system. The problem only appeared
after upgrading my desktop (not the KDC) to Ubuntu 13.04.
-- System Information:
Debian Release: 7.0
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages krb5-kdc depends on:
ii debconf [debconf-2.0] 1.5.49
ii krb5-config 2.3
ii krb5-user 1.10.1+dfsg-5
ii libc6 2.13-38
ii libcomerr2 1.42.5-1.1
ii libgssapi-krb5-2 1.10.1+dfsg-5
ii libgssrpc4 1.10.1+dfsg-5
ii libk5crypto3 1.10.1+dfsg-5
ii libkadm5clnt-mit8 1.10.1+dfsg-5
ii libkadm5srv-mit8 1.10.1+dfsg-5
ii libkdb5-6 1.10.1+dfsg-5
ii libkeyutils1 1.5.5-7
ii libkrb5-3 1.10.1+dfsg-5
ii libkrb5support0 1.10.1+dfsg-5
ii libverto1 0.2.2-1
ii lsb-base 4.1+Debian9
krb5-kdc recommends no packages.
Versions of packages krb5-kdc suggests:
ii krb5-admin-server 1.10.1+dfsg-5
ii krb5-kdc-ldap 1.10.1+dfsg-5
ii openbsd-inetd [inet-superserver] 0.20091229-2
-- debconf information:
* krb5-kdc/debconf: true
* krb5-kdc/run-krb524: false
* krb5-kdc/krb4-mode: disable
krb5-kdc/purge_data_too: false
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
