On 07/19/2017 06:54 PM, Greg Hudson wrote:
> On 07/19/2017 08:22 PM, Joshua Schaeffer wrote:
>> * Do you know if ldap_kdc_dn needs read rights to the krbPrincipalKey
>> attribute?
> It does. The KDC is the primary user of principal long-term keys; it
> uses them to verify pre-authentication, encrypt KDC replies, and encrypt
> service tickets.

Okay, good to know. I will leave that account as is.

>
>> * Would you consider the segmentation fault a bug?
> I filed a PR for the crash bug and it should be fixed in upcoming patch
> releases. This bug only occurs when the master key is manually entered
> (no stash file) and the K/M entry has no key data (LDAP access error).
> I'm still not sure why kdb5_ldap_util create -s didn't create a stash
> file in your scenario.

Yes, I am unsure about this too. If I had to guess it was just a combination of running through my steps multiple times which created some weird environment situation. Or, more likely, it was just an EBKAC error :)

Thanks again for all your help.

Joshua Schaeffer

________________________________________________
Kerberos mailing list
Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos