[Samba] Winbind crash due to Kerberos broken implementation

[hagai yaffe]

Hello,
 
I am working on RHEL 3 update 4. The Kerberos version that comes with the OS
is 1.2.7. I have installed samba 3.0.14a and encountered multiple winbind
crashes.
 
I have done some debugging and found the cause, samba function
"ads_cleanup_expired_creds" calls Kerberos function krb5_cc_remove_cred (if
the ticket is expired), the Kerberos implementation holds a struct of
function pointers and the function for removing a ticket from the cache is
not initialized (NULL), therefore in this scenario the winbind will crash.
 
I checked and seen that the relevant Kerberos function is implemented in the
recent 1.5 release (I don’t know exactly when it was fixed) so I guess that
upgrading will solve my problem. How ever it seems strange to me that the
default Kerberos that comes with the OS does not work with samba (I must say
that I am a little new to the Red Hat & samba world so I might be missing
something). 
 
I have tried to look for recommendation regarding which Kerberos version
should be used with each samba version and could not found any (obviously
3.0.14a & 1.2.7 is broken), can someone assist on directing me?
 
Apart for the option of upgrade is there a way for me to avoid the ticket
expiration? (It does not happen on all machines, only on a samba machine
which is configured as a member of a domain with multiple domain
controllers, I can also see in the winbind log that different domain
controllers are often used for authentication, could this be the cause)?
 
Any information on any of the issues would be great,
TX,
Hagai.
 
-- 
View this message in context: http://www.nabble.com/Winbind-crash-due-to-Kerberos-broken-implementation-tf4400943.html#a12553966
Sent from the Samba - General mailing list archive at Nabble.com.