passwd fails when kerberos server points to an IPv6 host

Bug #403775 reported by Deactivated User
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
krb5 (Ubuntu)
Fix Released
Undecided
Unassigned

Bug Description

Binary package hint: libpam-krb5

passwd fails when trying to change the password against an kerberos server with an IPv6 address. There's supposed to be a fix committed up at MIT http://krbdev.mit.edu/rt/Ticket/Display.html?id=5595, but it seems that it hasn't propagated down to Jaunty.

Revision history for this message
Russ Allbery (rra-debian) wrote :

As is clear from the bug reference given, this problem is in the krb5 libraries, not in libpam-krb5.

affects: libpam-krb5 (Ubuntu) → krb5 (Ubuntu)
Revision history for this message
Sam Hartman (hartmans) wrote : Re: [Bug 403775] [NEW] passwd fails when kerberos server points to an IPv6 host

The following patch is in karmic. It will cause things to work if a
password server has both v4 and v6 addresses and you have v4
connectivity.

I think the 1.7 server has v6 support, but I don't think the 1.7
client even has v6 support.

However, backporting this patch might make the problem less annoying.
commit f6e102ee76028db91a7a973fee8313de352aa5ad
Author: raeburn <raeburn@dc483132-0cff-0310-8789-dd5450dbe970>
Date: Wed Nov 5 17:47:00 2008 +0000

    ticket: 5595

    Only look for IPv4 addresses for the kpasswd server. This is just a
    workaround for other parts of the code failing to cope with IPv6
    addresses, and won't work in an IPv6-only environment; the problem
    should still be fixed for real.

    git-svn-id: svn://anonsvn.mit.edu/svn/krb5/trunk@21004 dc483132-0cff-0310-8789-dd5450dbe970

diff --git a/src/lib/krb5/os/changepw.c b/src/lib/krb5/os/changepw.c
index 5bd5b86..7811387 100644
--- a/src/lib/krb5/os/changepw.c
+++ b/src/lib/krb5/os/changepw.c
@@ -64,11 +64,12 @@ krb5_locate_kpasswd(krb5_context context, const krb5_data *realm,
     int sockType = (useTcp ? SOCK_STREAM : SOCK_DGRAM);

     code = krb5int_locate_server (context, realm, addrlist,
- locate_service_kpasswd, sockType, 0);
+ locate_service_kpasswd, sockType, AF_INET);

     if (code == KRB5_REALM_CANT_RESOLVE || code == KRB5_REALM_UNKNOWN) {
  code = krb5int_locate_server (context, realm, addrlist,
- locate_service_kadmin, SOCK_STREAM, 0);
+ locate_service_kadmin, SOCK_STREAM,
+ AF_INET);
  if (!code) {
      /* Success with admin_server but now we need to change the
         port number to use DEFAULT_KPASSWD_PORT and the socktype. */

Revision history for this message
Chuck Short (zulcss) wrote :

I can confirm that this patch has been applied to karmic, this look likes a good candidate for an SRU. Ill bring it up in the server team weekly meetings.

Regards
chuck

Changed in krb5 (Ubuntu):
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.