kerberos and port 88

tridge at samba.org tridge at samba.org
Mon Sep 11 11:46:14 GMT 2006


Andrew,

I think some of the remaining failures on solaris are probably caused
by the fact that older versions of solaris have port 88 in
/etc/services for kerberos.

I worked around the main problem with this by using 127.0.0.1:88 for
the kdc in the krb5.conf that Samba4 in the build farm uses, but I can
see from the valgrind logs that getservbyname() is still being called
(it causes a valgrind error due to bugs in the dlopen code in libc).

Can you see if we can avoid it somehow? Is there something else we can
put into krb5.conf to avoid heimdal using getservbyname() ?

Here is a typical call chain:

getservbyname (in /lib/tls/libc-2.3.6.so)
krb5_getportbyname (get_port.c:46)
krb5_krbhst_init_flags (krbhst.c:700)
krb5_sendto_kdc_flags (send_to_kdc.c:448)
init_cred_loop (init_creds_pw.c:1250)
krb5_get_init_creds (init_creds_pw.c:1379)
krb5_get_init_creds_password (init_creds_pw.c:1502)
kerberos_kinit_password_cc (kerberos.c:90)
kinit_to_ccache (kerberos_util.c:169)
cli_credentials_get_ccache (credentials_krb5.c:262)
cli_credentials_get_client_gss_creds (credentials_krb5.c:295)
gensec_gssapi_client_start (gensec_gssapi.c:311)
gensec_start_mech (gensec.c:601)
gensec_start_mech_by_ops (gensec.c:687)
gensec_spnego_create_negTokenInit (spnego.c:567)
gensec_spnego_update (spnego.c:765)
gensec_update (gensec.c:941)
dcerpc_bind_auth_send (dcerpc_auth.c:293)
dcerpc_pipe_auth_send (dcerpc_util.c:1237)

Cheers, Tridge


More information about the samba-technical mailing list