tevent_abort_nesting crash in idmap_ad

Volker Lendecke vl at samba.org
Fri Jun 24 21:28:29 UTC 2016

On Fri, Jun 24, 2016 at 10:33:28AM -0700, Jeremy Allison wrote:
> This only happens on the tldap bind when we're trying
> to get krb5 creds from the KDC.

Right. This is known for years, but nobody so far has found a way to
fix this. So we have to assume that this is just not fixable until we
do our own libkrb5, something that won't happen for obvious security
reasons. The only way out is forked processes with an IPC mechanism,
but this is MUCH too heavy-weight and not even in sight for years. So
we're stuck with a synchronous gensec for the foreseeable future.


More information about the samba-technical mailing list