On 07/19/2017 08:22 PM, Joshua Schaeffer wrote:
> * Do you know if ldap_kdc_dn needs read rights to the krbPrincipalKey
>   attribute?

It does. The KDC is the primary user of principal long-term keys; it
uses them to verify pre-authentication, encrypt KDC replies, and encrypt
service tickets.

> * Would you consider the segmentation fault a bug?

I filed a PR for the crash bug and it should be fixed in upcoming patch
releases. This bug only occurs when the master key is manually entered
(no stash file) and the K/M entry has no key data (LDAP access error).

I'm still not sure why kdb5_ldap_util create -s didn't create a stash
file in your scenario.

________________________________________________
Kerberos mailing list
Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
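
An added example, not part of the original message or of MIT's code: a shell check for the condition described above, where the DN configured as ldap_kdc_dn cannot read krbPrincipalKey on the K/M entry. The LDAP URI, DNs, realm and password file are placeholders, and the K/M entry DN assumes a krbContainer layout.

```shell
#!/bin/sh
# Added example: verify that the KDC's bind DN can read key data on K/M.

# Reads LDIF on stdin; succeeds only if a non-empty krbPrincipalKey value
# is present. Attribute names are case-insensitive, and binary values are
# printed by ldapsearch as "krbPrincipalKey:: <base64>".
has_principal_key() {
    awk '
        BEGIN { found = 0 }
        /^#/ { next }                      # skip LDIF comments
        {
            line = tolower($0)
            if (line ~ /^krbprincipalkey(;[^:]*)?:[:<]?[ \t]*[^ \t:<]/) found = 1
        }
        END { exit(found ? 0 : 1) }
    '
}

# Binds as the KDC DN and asks only for krbPrincipalKey on one entry.
# $1 = LDAP URI, $2 = KDC bind DN, $3 = password file, $4 = DN of the K/M entry
check_kdc_read() {
    ldapsearch -LLL -x -H "$1" -D "$2" -y "$3" -b "$4" -s base \
        krbPrincipalKey 2>/dev/null | has_principal_key
}

# Placeholder DN of the K/M entry (assumed layout, adjust to your tree).
KM_DN='krbPrincipalName=K/M@EXAMPLE.COM,cn=EXAMPLE.COM,cn=krbContainer,dc=example,dc=com'

# Constructed sample: what the KDC DN sees when the ACL grants read.
# The key blob is a dummy value, not real key data.
LDIF_READABLE="dn: $KM_DN
krbPrincipalKey:: Q09OU1RSVUNURUQ="

# Constructed sample: the same entry when the ACL hides the attribute.
# The search still succeeds, but the entry comes back with no key data.
LDIF_HIDDEN="dn: $KM_DN"

# Usage against a live directory (all arguments are placeholders):
#   check_kdc_read ldapi:/// "cn=kdc-service,dc=example,dc=com" \
#       /path/to/kdc.pw "$KM_DN" || echo "KDC DN cannot read krbPrincipalKey"
```

A failing check means the KDC would load K/M without key data, which is the access error the reply ties to the crash when no stash file is present.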