Debian Bug report logs - #714825
krb5-auth-dialog: segfaults when I run 'kinit' on the command line

version graph

Package: krb5-auth-dialog; Maintainer for krb5-auth-dialog is Guido Günther <agx@sigxcpu.org>; Source for krb5-auth-dialog is src:krb5-auth-dialog.

Reported by: Petter Reinholdtsen <pere@hungry.com>

Date: Wed, 3 Jul 2013 08:12:01 UTC

Severity: important

Tags: fixed-upstream

Found in version krb5-auth-dialog/3.2.1-1

Fixed in versions krb5-auth-dialog/3.8.0-3, krb5-auth-dialog/3.2.1-1+deb7u1

Done: Guido Günther <agx@sigxcpu.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Guido Günther <agx@sigxcpu.org>:
Bug#714825; Package krb5-auth-dialog. (Wed, 03 Jul 2013 08:12:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to Petter Reinholdtsen <pere@hungry.com>:
New Bug report received and forwarded. Copy sent to Guido Günther <agx@sigxcpu.org>. (Wed, 03 Jul 2013 08:12:05 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Petter Reinholdtsen <pere@hungry.com>
To: submit@bugs.debian.org
Subject: krb5-auth-dialog: segfaults when I run 'kinit' on the command line
Date: Wed, 03 Jul 2013 10:09:00 +0200
Package: krb5-auth-dialog
Version: 3.2.1-1
Severity: important
User:     debian-edu@lists.debian.org
Usertags: debian-edu

On a Debian Edu Wheezy diskless workstation, a user login end up without
a working Kerberos ticket (because it uses ldm which in turn do not
handle PAM properly), and this in turn exposes a crash bug in
krb5-auth-dialog.

The machine in question get a short hostname (ltsp4115 or similar), and
while kinit is able to use the settings in /etc/resolv.conf to figure
out the Kerberos realm (using SRV records in DNS), krb5-auth-dialog is
not.

Thus when I klick on the panel icon to ask for a kerberos ticket,
instead of getting the password dialog prompt, I get a dialog stating
that it could not find the realm.  The dialog states (translated from
Norwegian):

  Kerberos authentication error

  Could not get kerberos ticket: 'unable to find realm of host ltsp4115'
  [OK]

If I start a terminal and run kinit there, I can set a password but
krb5-auth-dialog imediately crashes.  Here is the valgrind output from
the crash run:

==7338== Memcheck, a memory error detector
==7338== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==7338== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==7338== Command: krb5-auth-dialog
==7338== 
==7338== Conditional jump or move depends on uninitialised value(s)
==7338==    at 0x551751E: ??? (in /usr/lib/i386-linux-gnu/libpixman-1.so.0.26.0)
==7338==    by 0x5503987: ??? (in /usr/lib/i386-linux-gnu/libpixman-1.so.0.26.0)
==7338==    by 0x54BA133: pixman_image_composite32 (in /usr/lib/i386-linux-gnu/libpixman-1.so.0.26.0)
==7338==    by 0x5134A1C: ??? (in /usr/lib/i386-linux-gnu/libcairo.so.2.11200.2)
==7338==    by 0x5178EEB: ??? (in /usr/lib/i386-linux-gnu/libcairo.so.2.11200.2)
==7338==    by 0x5169554: ??? (in /usr/lib/i386-linux-gnu/libcairo.so.2.11200.2)
==7338==    by 0x516A03E: ??? (in /usr/lib/i386-linux-gnu/libcairo.so.2.11200.2)
==7338==    by 0x7F: ???
==7338== 
==7338== Conditional jump or move depends on uninitialised value(s)
==7338==    at 0x551778E: ??? (in /usr/lib/i386-linux-gnu/libpixman-1.so.0.26.0)
==7338==    by 0x5503987: ??? (in /usr/lib/i386-linux-gnu/libpixman-1.so.0.26.0)
==7338==    by 0x54BA133: pixman_image_composite32 (in /usr/lib/i386-linux-gnu/libpixman-1.so.0.26.0)
==7338==    by 0x5134A1C: ??? (in /usr/lib/i386-linux-gnu/libcairo.so.2.11200.2)
==7338==    by 0x5178EEB: ??? (in /usr/lib/i386-linux-gnu/libcairo.so.2.11200.2)
==7338==    by 0x5169554: ??? (in /usr/lib/i386-linux-gnu/libcairo.so.2.11200.2)
==7338==    by 0x516A03E: ??? (in /usr/lib/i386-linux-gnu/libcairo.so.2.11200.2)
==7338==    by 0x51A: ???
==7338== 
==7338== Conditional jump or move depends on uninitialised value(s)
==7338==    at 0x7EE7621: ??? (in /usr/lib/i386-linux-gnu/librsvg-2.so.2.36.1)
==7338==    by 0x7EE8485: rsvg_handle_get_pixbuf_sub (in /usr/lib/i386-linux-gnu/librsvg-2.so.2.36.1)
==7338==    by 0x7EE8502: rsvg_handle_get_pixbuf (in /usr/lib/i386-linux-gnu/librsvg-2.so.2.36.1)
==7338==    by 0x5BD9ACF: ??? (in /usr/lib/i386-linux-gnu/gdk-pixbuf-2.0/2.10.0/loaders/libpixbufloader-svg.so)
==7338==    by 0x4F632BA: gdk_pixbuf_loader_close (in /usr/lib/i386-linux-gnu/libgdk_pixbuf-2.0.so.0.2600.1)
==7338==    by 0x4F5F14C: ??? (in /usr/lib/i386-linux-gnu/libgdk_pixbuf-2.0.so.0.2600.1)
==7338==    by 0x4F60CA6: gdk_pixbuf_new_from_stream_at_scale (in /usr/lib/i386-linux-gnu/libgdk_pixbuf-2.0.so.0.2600.1)
==7338==    by 0x42B877D: ??? (in /usr/lib/i386-linux-gnu/libgtk-3.so.0.400.2)
==7338==    by 0x42BB7E0: gtk_icon_info_load_icon (in /usr/lib/i386-linux-gnu/libgtk-3.so.0.400.2)
==7338==    by 0x42BBD14: gtk_icon_info_load_symbolic_for_context (in /usr/lib/i386-linux-gnu/libgtk-3.so.0.400.2)
==7338==    by 0x42B65F5: ??? (in /usr/lib/i386-linux-gnu/libgtk-3.so.0.400.2)
==7338==    by 0x43744FE: ??? (in /usr/lib/i386-linux-gnu/libgtk-3.so.0.400.2)
==7338== 
** Message: No plugins to load

** (krb5-auth-dialog:7338): WARNING **: Could not initialize NMClient /org/freedesktop/NetworkManager: The name org.freedesktop.NetworkManager was not provided by any .service files

(krb5-auth-dialog:7338): GLib-GIO-CRITICAL **: GApplication subclass 'KaApplet' failed to chain up on ::startup (from start of override function)
==7338== Invalid read of size 4
==7338==    at 0x40F3F47: krb5_principal_compare (in /usr/lib/i386-linux-gnu/libkrb5.so.26.0.0)
==7338==    by 0x804EB45: ??? (in /usr/bin/krb5-auth-dialog)
==7338==    by 0x53ED20C: ffi_call (in /usr/lib/i386-linux-gnu/libffi.so.5.0.10)
==7338==    by 0x4810C79: g_cclosure_marshal_generic_va (in /usr/lib/i386-linux-gnu/libgobject-2.0.so.0.3200.4)
==7338==    by 0x4810120: ??? (in /usr/lib/i386-linux-gnu/libgobject-2.0.so.0.3200.4)
==7338==    by 0x4829278: g_signal_emit_valist (in /usr/lib/i386-linux-gnu/libgobject-2.0.so.0.3200.4)
==7338==    by 0x4829CD2: g_signal_emit (in /usr/lib/i386-linux-gnu/libgobject-2.0.so.0.3200.4)
==7338==    by 0x46EDA70: ??? (in /usr/lib/i386-linux-gnu/libgio-2.0.so.0.3200.4)
==7338==    by 0x48A018F: ??? (in /lib/i386-linux-gnu/libglib-2.0.so.0.3200.4)
==7338==    by 0x48A26D2: g_main_context_dispatch (in /lib/i386-linux-gnu/libglib-2.0.so.0.3200.4)
==7338==    by 0x48A2A6F: ??? (in /lib/i386-linux-gnu/libglib-2.0.so.0.3200.4)
==7338==    by 0x48A2B50: g_main_context_iteration (in /lib/i386-linux-gnu/libglib-2.0.so.0.3200.4)
==7338==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
==7338== 
==7338== 
==7338== Process terminating with default action of signal 11 (SIGSEGV)
==7338==  Access not within mapped region at address 0x0
==7338==    at 0x40F3F47: krb5_principal_compare (in /usr/lib/i386-linux-gnu/libkrb5.so.26.0.0)
==7338==    by 0x804EB45: ??? (in /usr/bin/krb5-auth-dialog)
==7338==    by 0x53ED20C: ffi_call (in /usr/lib/i386-linux-gnu/libffi.so.5.0.10)
==7338==    by 0x4810C79: g_cclosure_marshal_generic_va (in /usr/lib/i386-linux-gnu/libgobject-2.0.so.0.3200.4)
==7338==    by 0x4810120: ??? (in /usr/lib/i386-linux-gnu/libgobject-2.0.so.0.3200.4)
==7338==    by 0x4829278: g_signal_emit_valist (in /usr/lib/i386-linux-gnu/libgobject-2.0.so.0.3200.4)
==7338==    by 0x4829CD2: g_signal_emit (in /usr/lib/i386-linux-gnu/libgobject-2.0.so.0.3200.4)
==7338==    by 0x46EDA70: ??? (in /usr/lib/i386-linux-gnu/libgio-2.0.so.0.3200.4)
==7338==    by 0x48A018F: ??? (in /lib/i386-linux-gnu/libglib-2.0.so.0.3200.4)
==7338==    by 0x48A26D2: g_main_context_dispatch (in /lib/i386-linux-gnu/libglib-2.0.so.0.3200.4)
==7338==    by 0x48A2A6F: ??? (in /lib/i386-linux-gnu/libglib-2.0.so.0.3200.4)
==7338==    by 0x48A2B50: g_main_context_iteration (in /lib/i386-linux-gnu/libglib-2.0.so.0.3200.4)
==7338==  If you believe this happened as a result of a stack
==7338==  overflow in your program's main thread (unlikely but
==7338==  possible), you can try to increase the size of the
==7338==  main thread stack using the --main-stacksize= flag.
==7338==  The main thread stack size used in this run was 8388608.
==7338== 
==7338== HEAP SUMMARY:
==7338==     in use at exit: 1,620,516 bytes in 23,147 blocks
==7338==   total heap usage: 83,987 allocs, 60,840 frees, 6,257,291 bytes allocated
==7338== 
==7338== LEAK SUMMARY:
==7338==    definitely lost: 1,792 bytes in 6 blocks
==7338==    indirectly lost: 6,460 bytes in 320 blocks
==7338==      possibly lost: 1,041,607 bytes in 14,392 blocks
==7338==    still reachable: 570,657 bytes in 8,429 blocks
==7338==         suppressed: 0 bytes in 0 blocks
==7338== Rerun with --leak-check=full to see details of leaked memory
==7338== 
==7338== For counts of detected and suppressed errors, rerun with: -v
==7338== Use --track-origins=yes to see where uninitialised values come from
==7338== ERROR SUMMARY: 11 errors from 4 contexts (suppressed: 177 from 12)

Can you change krb5-auth-dialog to use the same algorithm as kinit to
figure out the realm, to get it working also for hosts without a domain
part in their name?

Can you fix the crash?

And if you are able to fix these things, can you fix them in Wheezy too?

-- 
Happy hacking
Petter Reinholdtsen



Information forwarded to debian-bugs-dist@lists.debian.org, Guido Günther <agx@sigxcpu.org>:
Bug#714825; Package krb5-auth-dialog. (Wed, 03 Jul 2013 09:03:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Petter Reinholdtsen <pere@hungry.com>:
Extra info received and forwarded to list. Copy sent to Guido Günther <agx@sigxcpu.org>. (Wed, 03 Jul 2013 09:03:04 GMT) Full text and rfc822 format available.

Message #10 received at 714825@bugs.debian.org (full text, mbox):

From: Petter Reinholdtsen <pere@hungry.com>
To: 714825@bugs.debian.org
Subject: Re: krb5-auth-dialog: segfaults when I run 'kinit' on the command line
Date: Wed, 3 Jul 2013 11:00:20 +0200
[Petter Reinholdtsen]
> If I start a terminal and run kinit there, I can set a password but
> krb5-auth-dialog imediately crashes.  Here is the valgrind output from
> the crash run:

I reran the session after building a non-stripped version.  Here is
the new output.

==11982== Memcheck, a memory error detector
==11982== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==11982== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==11982== Command: build/src/krb5-auth-dialog
==11982== 
==11982== Conditional jump or move depends on uninitialised value(s)
==11982==    at 0x551951E: ??? (in /usr/lib/i386-linux-gnu/libpixman-1.so.0.26.0)
==11982==    by 0x5505987: ??? (in /usr/lib/i386-linux-gnu/libpixman-1.so.0.26.0)
==11982==    by 0x54BC133: pixman_image_composite32 (in /usr/lib/i386-linux-gnu/libpixman-1.so.0.26.0)
==11982==    by 0x5136A1C: ??? (in /usr/lib/i386-linux-gnu/libcairo.so.2.11200.2)
==11982==    by 0x517AEEB: ??? (in /usr/lib/i386-linux-gnu/libcairo.so.2.11200.2)
==11982==    by 0x516B554: ??? (in /usr/lib/i386-linux-gnu/libcairo.so.2.11200.2)
==11982==    by 0x516C03E: ??? (in /usr/lib/i386-linux-gnu/libcairo.so.2.11200.2)
==11982==    by 0x7F: ???
==11982== 
==11982== Conditional jump or move depends on uninitialised value(s)
==11982==    at 0x551978E: ??? (in /usr/lib/i386-linux-gnu/libpixman-1.so.0.26.0)
==11982==    by 0x5505987: ??? (in /usr/lib/i386-linux-gnu/libpixman-1.so.0.26.0)
==11982==    by 0x54BC133: pixman_image_composite32 (in /usr/lib/i386-linux-gnu/libpixman-1.so.0.26.0)
==11982==    by 0x5136A1C: ??? (in /usr/lib/i386-linux-gnu/libcairo.so.2.11200.2)
==11982==    by 0x517AEEB: ??? (in /usr/lib/i386-linux-gnu/libcairo.so.2.11200.2)
==11982==    by 0x516B554: ??? (in /usr/lib/i386-linux-gnu/libcairo.so.2.11200.2)
==11982==    by 0x516C03E: ??? (in /usr/lib/i386-linux-gnu/libcairo.so.2.11200.2)
==11982==    by 0x51A: ???
==11982== 
==11982== Conditional jump or move depends on uninitialised value(s)
==11982==    at 0x7EEA621: ??? (in /usr/lib/i386-linux-gnu/librsvg-2.so.2.36.1)
==11982==    by 0x7EEB485: rsvg_handle_get_pixbuf_sub (in /usr/lib/i386-linux-gnu/librsvg-2.so.2.36.1)
==11982==    by 0x7EEB502: rsvg_handle_get_pixbuf (in /usr/lib/i386-linux-gnu/librsvg-2.so.2.36.1)
==11982==    by 0x5BD8ACF: ??? (in /usr/lib/i386-linux-gnu/gdk-pixbuf-2.0/2.10.0/loaders/libpixbufloader-svg.so)
==11982==    by 0x4F652BA: gdk_pixbuf_loader_close (in /usr/lib/i386-linux-gnu/libgdk_pixbuf-2.0.so.0.2600.1)
==11982==    by 0x4F6114C: ??? (in /usr/lib/i386-linux-gnu/libgdk_pixbuf-2.0.so.0.2600.1)
==11982==    by 0x4F62CA6: gdk_pixbuf_new_from_stream_at_scale (in /usr/lib/i386-linux-gnu/libgdk_pixbuf-2.0.so.0.2600.1)
==11982==    by 0x42A677D: ??? (in /usr/lib/i386-linux-gnu/libgtk-3.so.0.400.2)
==11982==    by 0x42A97E0: gtk_icon_info_load_icon (in /usr/lib/i386-linux-gnu/libgtk-3.so.0.400.2)
==11982==    by 0x42A9D14: gtk_icon_info_load_symbolic_for_context (in /usr/lib/i386-linux-gnu/libgtk-3.so.0.400.2)
==11982==    by 0x42A45F5: ??? (in /usr/lib/i386-linux-gnu/libgtk-3.so.0.400.2)
==11982==    by 0x43624FE: ??? (in /usr/lib/i386-linux-gnu/libgtk-3.so.0.400.2)
==11982== 
** Message: No plugins to load

** (krb5-auth-dialog:11982): WARNING **: Could not initialize NMClient /org/freedesktop/NetworkManager: The name org.freedesktop.NetworkManager was not provided by any .service files

(krb5-auth-dialog:11982): GLib-GIO-CRITICAL **: GApplication subclass 'KaApplet' failed to chain up on ::startup (from start of override function)
==11982== Invalid read of size 4
==11982==    at 0x40DCF47: krb5_principal_compare (in /usr/lib/i386-linux-gnu/libkrb5.so.26.0.0)
==11982==    by 0x804EBD5: credentials_expiring_real (ka-kerberos.c:224)
==11982==    by 0x53EF20C: ffi_call (in /usr/lib/i386-linux-gnu/libffi.so.5.0.10)
==11982==    by 0x47FEC79: g_cclosure_marshal_generic_va (in /usr/lib/i386-linux-gnu/libgobject-2.0.so.0.3200.4)
==11982==    by 0x47FE120: ??? (in /usr/lib/i386-linux-gnu/libgobject-2.0.so.0.3200.4)
==11982==    by 0x4817278: g_signal_emit_valist (in /usr/lib/i386-linux-gnu/libgobject-2.0.so.0.3200.4)
==11982==    by 0x4817CD2: g_signal_emit (in /usr/lib/i386-linux-gnu/libgobject-2.0.so.0.3200.4)
==11982==    by 0x46DBA70: ??? (in /usr/lib/i386-linux-gnu/libgio-2.0.so.0.3200.4)
==11982==    by 0x488818F: ??? (in /lib/i386-linux-gnu/libglib-2.0.so.0.3200.4)
==11982==    by 0x488A6D2: g_main_context_dispatch (in /lib/i386-linux-gnu/libglib-2.0.so.0.3200.4)
==11982==    by 0x488AA6F: ??? (in /lib/i386-linux-gnu/libglib-2.0.so.0.3200.4)
==11982==    by 0x488AB50: g_main_context_iteration (in /lib/i386-linux-gnu/libglib-2.0.so.0.3200.4)
==11982==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
==11982== 
==11982== 
==11982== Process terminating with default action of signal 11 (SIGSEGV)
==11982==  Access not within mapped region at address 0x0
==11982==    at 0x40DCF47: krb5_principal_compare (in /usr/lib/i386-linux-gnu/libkrb5.so.26.0.0)
==11982==    by 0x804EBD5: credentials_expiring_real (ka-kerberos.c:224)
==11982==    by 0x53EF20C: ffi_call (in /usr/lib/i386-linux-gnu/libffi.so.5.0.10)
==11982==    by 0x47FEC79: g_cclosure_marshal_generic_va (in /usr/lib/i386-linux-gnu/libgobject-2.0.so.0.3200.4)
==11982==    by 0x47FE120: ??? (in /usr/lib/i386-linux-gnu/libgobject-2.0.so.0.3200.4)
==11982==    by 0x4817278: g_signal_emit_valist (in /usr/lib/i386-linux-gnu/libgobject-2.0.so.0.3200.4)
==11982==    by 0x4817CD2: g_signal_emit (in /usr/lib/i386-linux-gnu/libgobject-2.0.so.0.3200.4)
==11982==    by 0x46DBA70: ??? (in /usr/lib/i386-linux-gnu/libgio-2.0.so.0.3200.4)
==11982==    by 0x488818F: ??? (in /lib/i386-linux-gnu/libglib-2.0.so.0.3200.4)
==11982==    by 0x488A6D2: g_main_context_dispatch (in /lib/i386-linux-gnu/libglib-2.0.so.0.3200.4)
==11982==    by 0x488AA6F: ??? (in /lib/i386-linux-gnu/libglib-2.0.so.0.3200.4)
==11982==    by 0x488AB50: g_main_context_iteration (in /lib/i386-linux-gnu/libglib-2.0.so.0.3200.4)
==11982==  If you believe this happened as a result of a stack
==11982==  overflow in your program's main thread (unlikely but
==11982==  possible), you can try to increase the size of the
==11982==  main thread stack using the --main-stacksize= flag.
==11982==  The main thread stack size used in this run was 8388608.
DEBUG: ka_applet_set_property: principal: 
DEBUG: ka_applet_set_property: pk-userid: 
DEBUG: ka_applet_set_property: pk-anchors: 
DEBUG: ka_applet_set_property: pw-prompt-mins: 30
DEBUG: ka_applet_set_property: tgt-forwardable: False
DEBUG: ka_applet_set_property: tgt-proxiable: False
DEBUG: ka_applet_set_property: tgt-renewable: False
DEBUG: ka_applet_set_property: principal: pere
DEBUG: ka_applet_set_property: pw-prompt-mins: 30
DEBUG: ka_applet_set_property: pk-userid: 
DEBUG: ka_applet_set_property: pk-anchors: 
DEBUG: ka_applet_set_property: tgt-forwardable: False
DEBUG: ka_applet_set_property: tgt-renewable: False
DEBUG: ka_applet_set_property: tgt-proxiable: False
DEBUG: ka_applet_local_command_line: Parsing local command line
DEBUG: ka_applet_startup: Primary application
DEBUG: ka_nm_client_state_changed_cb: Network state: 0
DEBUG: monitor_ccache: Monitoring /tmp/krb5cc_1000
DEBUG: ka_applet_command_line: Evaluating command line
DEBUG: credentials_expiring: Checking expiry <1800s
DEBUG: credentials_expiring: Expiry @ 0
DEBUG: ccache_changed_cb: /tmp/krb5cc_1000 changed
DEBUG: credentials_expiring: Checking expiry <1800s
==11982== 
==11982== HEAP SUMMARY:
==11982==     in use at exit: 1,620,512 bytes in 23,147 blocks
==11982==   total heap usage: 83,986 allocs, 60,839 frees, 6,257,436 bytes allocated
==11982== 
==11982== LEAK SUMMARY:
==11982==    definitely lost: 1,792 bytes in 6 blocks
==11982==    indirectly lost: 6,460 bytes in 320 blocks
==11982==      possibly lost: 1,033,559 bytes in 14,308 blocks
==11982==    still reachable: 578,701 bytes in 8,513 blocks
==11982==         suppressed: 0 bytes in 0 blocks
==11982== Rerun with --leak-check=full to see details of leaked memory
==11982== 
==11982== For counts of detected and suppressed errors, rerun with: -v
==11982== Use --track-origins=yes to see where uninitialised values come from
==11982== ERROR SUMMARY: 11 errors from 4 contexts (suppressed: 177 from 12)

> Can you change krb5-auth-dialog to use the same algorithm as kinit
> to figure out the realm, to get it working also for hosts without a
> domain part in their name?

This would be the best fix.

> Can you fix the crash?

I looked at the source, and the crash is caused by kprincipal being NULL.

This patch solve the crash by making sure to not try to compare and
free a null pointer:

diff -ru krb5-auth-dialog-3.2.1/src/ka-kerberos.c krb5-auth-dialog-3.2.1-pere/src/ka-kerberos.c
--- krb5-auth-dialog-3.2.1/src/ka-kerberos.c	2011-09-26 22:09:21.000000000 +0200
+++ krb5-auth-dialog-3.2.1-pere/src/ka-kerberos.c	2013-07-03 10:50:39.000000000 +0200
@@ -221,8 +221,10 @@
     }
 
     /* copy principal from cache if any */
-    if (krb5_principal_compare (kcontext, my_creds.client, kprincipal)) {
-        krb5_free_principal (kcontext, kprincipal);
+    if (NULL == kprincipal ||
+        krb5_principal_compare (kcontext, my_creds.client, kprincipal)) {
+        if (NULL != kprincipal)
+            krb5_free_principal (kcontext, kprincipal);
         krb5_copy_principal (kcontext, my_creds.client, &kprincipal);
     }
     creds_expiry = my_creds.times.endtime;

I hope you can find a way to solve the inability to find the realm,
and can get a fix into Wheezy. :)

-- 
Happy hacking
Petter Reinholdtsen



Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#714825; Package krb5-auth-dialog. (Wed, 03 Jul 2013 13:24:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Guido Günther <agx@sigxcpu.org>:
Extra info received and forwarded to list. (Wed, 03 Jul 2013 13:24:04 GMT) Full text and rfc822 format available.

Message #15 received at 714825@bugs.debian.org (full text, mbox):

From: Guido Günther <agx@sigxcpu.org>
To: Petter Reinholdtsen <pere@hungry.com>, 714825@bugs.debian.org
Subject: Re: Bug#714825: krb5-auth-dialog: segfaults when I run 'kinit' on the command line
Date: Wed, 3 Jul 2013 15:20:15 +0200
On Wed, Jul 03, 2013 at 10:09:00AM +0200, Petter Reinholdtsen wrote:
> The machine in question get a short hostname (ltsp4115 or similar), and
> while kinit is able to use the settings in /etc/resolv.conf to figure
> out the Kerberos realm (using SRV records in DNS), krb5-auth-dialog is
> not.

Is it possible that kinit is from MIT Kerberos? krb5-auth-dialog is
linked against heimdal and these might behave differently in these
regards.

> Thus when I klick on the panel icon to ask for a kerberos ticket,
> instead of getting the password dialog prompt, I get a dialog stating
> that it could not find the realm.  The dialog states (translated from
> Norwegian):
> 
>   Kerberos authentication error
> 
>   Could not get kerberos ticket: 'unable to find realm of host ltsp4115'
>   [OK]
> 
> If I start a terminal and run kinit there, I can set a password but
> krb5-auth-dialog imediately crashes.  Here is the valgrind output from
> the crash run:
> 
> ==7338== Memcheck, a memory error detector
> ==7338== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
> ==7338== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
> ==7338== Command: krb5-auth-dialog
> ==7338== 
> ==7338== Conditional jump or move depends on uninitialised value(s)
> ==7338==    at 0x551751E: ??? (in /usr/lib/i386-linux-gnu/libpixman-1.so.0.26.0)
> ==7338==    by 0x5503987: ??? (in /usr/lib/i386-linux-gnu/libpixman-1.so.0.26.0)
> ==7338==    by 0x54BA133: pixman_image_composite32 (in /usr/lib/i386-linux-gnu/libpixman-1.so.0.26.0)
> ==7338==    by 0x5134A1C: ??? (in /usr/lib/i386-linux-gnu/libcairo.so.2.11200.2)
> ==7338==    by 0x5178EEB: ??? (in /usr/lib/i386-linux-gnu/libcairo.so.2.11200.2)
> ==7338==    by 0x5169554: ??? (in /usr/lib/i386-linux-gnu/libcairo.so.2.11200.2)
> ==7338==    by 0x516A03E: ??? (in /usr/lib/i386-linux-gnu/libcairo.so.2.11200.2)
> ==7338==    by 0x7F: ???
> ==7338== 
> ==7338== Conditional jump or move depends on uninitialised value(s)
> ==7338==    at 0x551778E: ??? (in /usr/lib/i386-linux-gnu/libpixman-1.so.0.26.0)
> ==7338==    by 0x5503987: ??? (in /usr/lib/i386-linux-gnu/libpixman-1.so.0.26.0)
> ==7338==    by 0x54BA133: pixman_image_composite32 (in /usr/lib/i386-linux-gnu/libpixman-1.so.0.26.0)
> ==7338==    by 0x5134A1C: ??? (in /usr/lib/i386-linux-gnu/libcairo.so.2.11200.2)
> ==7338==    by 0x5178EEB: ??? (in /usr/lib/i386-linux-gnu/libcairo.so.2.11200.2)
> ==7338==    by 0x5169554: ??? (in /usr/lib/i386-linux-gnu/libcairo.so.2.11200.2)
> ==7338==    by 0x516A03E: ??? (in /usr/lib/i386-linux-gnu/libcairo.so.2.11200.2)
> ==7338==    by 0x51A: ???
> ==7338== 
> ==7338== Conditional jump or move depends on uninitialised value(s)
> ==7338==    at 0x7EE7621: ??? (in /usr/lib/i386-linux-gnu/librsvg-2.so.2.36.1)
> ==7338==    by 0x7EE8485: rsvg_handle_get_pixbuf_sub (in /usr/lib/i386-linux-gnu/librsvg-2.so.2.36.1)
> ==7338==    by 0x7EE8502: rsvg_handle_get_pixbuf (in /usr/lib/i386-linux-gnu/librsvg-2.so.2.36.1)
> ==7338==    by 0x5BD9ACF: ??? (in /usr/lib/i386-linux-gnu/gdk-pixbuf-2.0/2.10.0/loaders/libpixbufloader-svg.so)
> ==7338==    by 0x4F632BA: gdk_pixbuf_loader_close (in /usr/lib/i386-linux-gnu/libgdk_pixbuf-2.0.so.0.2600.1)
> ==7338==    by 0x4F5F14C: ??? (in /usr/lib/i386-linux-gnu/libgdk_pixbuf-2.0.so.0.2600.1)
> ==7338==    by 0x4F60CA6: gdk_pixbuf_new_from_stream_at_scale (in /usr/lib/i386-linux-gnu/libgdk_pixbuf-2.0.so.0.2600.1)
> ==7338==    by 0x42B877D: ??? (in /usr/lib/i386-linux-gnu/libgtk-3.so.0.400.2)
> ==7338==    by 0x42BB7E0: gtk_icon_info_load_icon (in /usr/lib/i386-linux-gnu/libgtk-3.so.0.400.2)
> ==7338==    by 0x42BBD14: gtk_icon_info_load_symbolic_for_context (in /usr/lib/i386-linux-gnu/libgtk-3.so.0.400.2)
> ==7338==    by 0x42B65F5: ??? (in /usr/lib/i386-linux-gnu/libgtk-3.so.0.400.2)
> ==7338==    by 0x43744FE: ??? (in /usr/lib/i386-linux-gnu/libgtk-3.so.0.400.2)
> ==7338== 
> ** Message: No plugins to load
> 
> ** (krb5-auth-dialog:7338): WARNING **: Could not initialize NMClient /org/freedesktop/NetworkManager: The name org.freedesktop.NetworkManager was not provided by any .service files
> 
> (krb5-auth-dialog:7338): GLib-GIO-CRITICAL **: GApplication subclass 'KaApplet' failed to chain up on ::startup (from start of override function)
> ==7338== Invalid read of size 4
> ==7338==    at 0x40F3F47: krb5_principal_compare (in /usr/lib/i386-linux-gnu/libkrb5.so.26.0.0)

I'd be good to know the values of the parameters krb5_principal_compare
call in ka-kerberos.c. A gdb backtrace should hopefully reveal them.
 -- Guido

> ==7338==    by 0x804EB45: ??? (in /usr/bin/krb5-auth-dialog)
> ==7338==    by 0x53ED20C: ffi_call (in /usr/lib/i386-linux-gnu/libffi.so.5.0.10)
> ==7338==    by 0x4810C79: g_cclosure_marshal_generic_va (in /usr/lib/i386-linux-gnu/libgobject-2.0.so.0.3200.4)
> ==7338==    by 0x4810120: ??? (in /usr/lib/i386-linux-gnu/libgobject-2.0.so.0.3200.4)
> ==7338==    by 0x4829278: g_signal_emit_valist (in /usr/lib/i386-linux-gnu/libgobject-2.0.so.0.3200.4)
> ==7338==    by 0x4829CD2: g_signal_emit (in /usr/lib/i386-linux-gnu/libgobject-2.0.so.0.3200.4)
> ==7338==    by 0x46EDA70: ??? (in /usr/lib/i386-linux-gnu/libgio-2.0.so.0.3200.4)
> ==7338==    by 0x48A018F: ??? (in /lib/i386-linux-gnu/libglib-2.0.so.0.3200.4)
> ==7338==    by 0x48A26D2: g_main_context_dispatch (in /lib/i386-linux-gnu/libglib-2.0.so.0.3200.4)
> ==7338==    by 0x48A2A6F: ??? (in /lib/i386-linux-gnu/libglib-2.0.so.0.3200.4)
> ==7338==    by 0x48A2B50: g_main_context_iteration (in /lib/i386-linux-gnu/libglib-2.0.so.0.3200.4)
> ==7338==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
> ==7338== 
> ==7338== 
> ==7338== Process terminating with default action of signal 11 (SIGSEGV)
> ==7338==  Access not within mapped region at address 0x0
> ==7338==    at 0x40F3F47: krb5_principal_compare (in /usr/lib/i386-linux-gnu/libkrb5.so.26.0.0)
> ==7338==    by 0x804EB45: ??? (in /usr/bin/krb5-auth-dialog)
> ==7338==    by 0x53ED20C: ffi_call (in /usr/lib/i386-linux-gnu/libffi.so.5.0.10)
> ==7338==    by 0x4810C79: g_cclosure_marshal_generic_va (in /usr/lib/i386-linux-gnu/libgobject-2.0.so.0.3200.4)
> ==7338==    by 0x4810120: ??? (in /usr/lib/i386-linux-gnu/libgobject-2.0.so.0.3200.4)
> ==7338==    by 0x4829278: g_signal_emit_valist (in /usr/lib/i386-linux-gnu/libgobject-2.0.so.0.3200.4)
> ==7338==    by 0x4829CD2: g_signal_emit (in /usr/lib/i386-linux-gnu/libgobject-2.0.so.0.3200.4)
> ==7338==    by 0x46EDA70: ??? (in /usr/lib/i386-linux-gnu/libgio-2.0.so.0.3200.4)
> ==7338==    by 0x48A018F: ??? (in /lib/i386-linux-gnu/libglib-2.0.so.0.3200.4)
> ==7338==    by 0x48A26D2: g_main_context_dispatch (in /lib/i386-linux-gnu/libglib-2.0.so.0.3200.4)
> ==7338==    by 0x48A2A6F: ??? (in /lib/i386-linux-gnu/libglib-2.0.so.0.3200.4)
> ==7338==    by 0x48A2B50: g_main_context_iteration (in /lib/i386-linux-gnu/libglib-2.0.so.0.3200.4)
> ==7338==  If you believe this happened as a result of a stack
> ==7338==  overflow in your program's main thread (unlikely but
> ==7338==  possible), you can try to increase the size of the
> ==7338==  main thread stack using the --main-stacksize= flag.
> ==7338==  The main thread stack size used in this run was 8388608.
> ==7338== 
> ==7338== HEAP SUMMARY:
> ==7338==     in use at exit: 1,620,516 bytes in 23,147 blocks
> ==7338==   total heap usage: 83,987 allocs, 60,840 frees, 6,257,291 bytes allocated
> ==7338== 
> ==7338== LEAK SUMMARY:
> ==7338==    definitely lost: 1,792 bytes in 6 blocks
> ==7338==    indirectly lost: 6,460 bytes in 320 blocks
> ==7338==      possibly lost: 1,041,607 bytes in 14,392 blocks
> ==7338==    still reachable: 570,657 bytes in 8,429 blocks
> ==7338==         suppressed: 0 bytes in 0 blocks
> ==7338== Rerun with --leak-check=full to see details of leaked memory
> ==7338== 
> ==7338== For counts of detected and suppressed errors, rerun with: -v
> ==7338== Use --track-origins=yes to see where uninitialised values come from
> ==7338== ERROR SUMMARY: 11 errors from 4 contexts (suppressed: 177 from 12)
> 
> Can you change krb5-auth-dialog to use the same algorithm as kinit to
> figure out the realm, to get it working also for hosts without a domain
> part in their name?
> 
> Can you fix the crash?
> 
> And if you are able to fix these things, can you fix them in Wheezy too?
> 
> -- 
> Happy hacking
> Petter Reinholdtsen
> 



Information forwarded to debian-bugs-dist@lists.debian.org, Guido Günther <agx@sigxcpu.org>:
Bug#714825; Package krb5-auth-dialog. (Wed, 03 Jul 2013 20:33:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Petter Reinholdtsen <pere@hungry.com>:
Extra info received and forwarded to list. Copy sent to Guido Günther <agx@sigxcpu.org>. (Wed, 03 Jul 2013 20:33:03 GMT) Full text and rfc822 format available.

Message #20 received at 714825@bugs.debian.org (full text, mbox):

From: Petter Reinholdtsen <pere@hungry.com>
To: "Guido G?nther" <agx@sigxcpu.org>
Cc: 714825@bugs.debian.org
Subject: Re: Bug#714825: krb5-auth-dialog: segfaults when I run 'kinit' on the command line
Date: Wed, 3 Jul 2013 13:26:48 -0700
[Guido G?nther]
> Is it possible that kinit is from MIT Kerberos? krb5-auth-dialog is
> linked against heimdal and these might behave differently in these
> regards.

Yes, this is using MIT Kerberos kinit.

> I'd be good to know the values of the parameters
> krb5_principal_compare call in ka-kerberos.c. A gdb backtrace should
> hopefully reveal them.

I hope the update and patch I sent in a following email helped.

If you want to test it yourself, I could guide you through installing
Debian Edu wheezy.  I believe two computers are needed to test it, but
suspect two virtual machines would work.

-- 
Happy hacking
Petter Reinholdtsen



Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#714825; Package krb5-auth-dialog. (Thu, 04 Jul 2013 07:24:09 GMT) Full text and rfc822 format available.

Acknowledgement sent to Guido Günther <agx@sigxcpu.org>:
Extra info received and forwarded to list. (Thu, 04 Jul 2013 07:24:09 GMT) Full text and rfc822 format available.

Message #25 received at 714825@bugs.debian.org (full text, mbox):

From: Guido Günther <agx@sigxcpu.org>
To: Petter Reinholdtsen <pere@hungry.com>
Cc: 714825@bugs.debian.org
Subject: Re: Bug#714825: krb5-auth-dialog: segfaults when I run 'kinit' on the command line
Date: Thu, 4 Jul 2013 09:22:19 +0200
On Wed, Jul 03, 2013 at 01:26:48PM -0700, Petter Reinholdtsen wrote:
> [Guido G?nther]
> > Is it possible that kinit is from MIT Kerberos? krb5-auth-dialog is
> > linked against heimdal and these might behave differently in these
> > regards.
> 
> Yes, this is using MIT Kerberos kinit.

Could you check how the Heimdal kinit behaves? I'd like to know if it
behaves the same as krb5-auth-dialog (I assume so). You can set:

# Debug logging
[logging]
krb5=STDERR

for more detailed debugging.

What does "hostname --fqdn" show? Can you attached your krb5.conf?

> 
> > I'd be good to know the values of the parameters
> > krb5_principal_compare call in ka-kerberos.c. A gdb backtrace should
> > hopefully reveal them.
> 
> I hope the update and patch I sent in a following email helped.

I missed that mail - yes. That's what I suspected - gdb backtrace isn't
needed anymore.
Cheers,
 -- Guido

> 
> If you want to test it yourself, I could guide you through installing
> Debian Edu wheezy.  I believe two computers are needed to test it, but
> suspect two virtual machines would work.
> 
> -- 
> Happy hacking
> Petter Reinholdtsen
> 



Added tag(s) fixed-upstream. Request was from Guido Günther <agx@sigxcpu.org> to control@bugs.debian.org. (Thu, 04 Jul 2013 07:51:34 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Guido Günther <agx@sigxcpu.org>:
Bug#714825; Package krb5-auth-dialog. (Thu, 04 Jul 2013 08:30:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Petter Reinholdtsen <pere@hungry.com>:
Extra info received and forwarded to list. Copy sent to Guido Günther <agx@sigxcpu.org>. (Thu, 04 Jul 2013 08:30:05 GMT) Full text and rfc822 format available.

Message #32 received at 714825@bugs.debian.org (full text, mbox):

From: Petter Reinholdtsen <pere@hungry.com>
To: 714825@bugs.debian.org
Subject: Re: Bug#714825: krb5-auth-dialog: segfaults when I run 'kinit' on the command line
Date: Thu, 4 Jul 2013 10:26:33 +0200
[Message part 1 (text/plain, inline)]
[Guido Günther]
> Could you check how the Heimdal kinit behaves? I'd like to know if it
> behaves the same as krb5-auth-dialog (I assume so). You can set:
> 
> # Debug logging
> [logging]
> krb5=STDERR
> 
> for more detailed debugging.

Not easily.  Not quite sure how to replace that on a diskless
workstation without messing up the setup completely.

> What does "hostname --fqdn" show?

It report only the short name without a domain part, ie 'ltsp4115'.

> Can you attached your krb5.conf?

Attached.  It is the default from the package, as SRV records are used
to find the Kerberos server.  So the hostname isn't the important part
here, as the DNS domain to use is in /etc/resolv.conf instead.

-- 
Happy hacking
Petter Reinholdtsen
[krb5.conf (text/plain, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#714825; Package krb5-auth-dialog. (Thu, 04 Jul 2013 08:48:07 GMT) Full text and rfc822 format available.

Acknowledgement sent to Guido Günther <agx@sigxcpu.org>:
Extra info received and forwarded to list. (Thu, 04 Jul 2013 08:48:07 GMT) Full text and rfc822 format available.

Message #37 received at 714825@bugs.debian.org (full text, mbox):

From: Guido Günther <agx@sigxcpu.org>
To: Petter Reinholdtsen <pere@hungry.com>, 714825@bugs.debian.org
Subject: Re: Bug#714825: krb5-auth-dialog: segfaults when I run 'kinit' on the command line
Date: Thu, 4 Jul 2013 10:45:17 +0200
On Thu, Jul 04, 2013 at 10:26:33AM +0200, Petter Reinholdtsen wrote:
> [Guido Günther]
> > Could you check how the Heimdal kinit behaves? I'd like to know if it
> > behaves the same as krb5-auth-dialog (I assume so). You can set:
> > 
> > # Debug logging
> > [logging]
> > krb5=STDERR
> > 
> > for more detailed debugging.
> 
> Not easily.  Not quite sure how to replace that on a diskless
> workstation without messing up the setup completely.

That's sad since it will make debugging much harder. 

> 
> > What does "hostname --fqdn" show?
> 
> It report only the short name without a domain part, ie 'ltsp4115'.
> 
> > Can you attached your krb5.conf?
> 
> Attached.  It is the default from the package, as SRV records are used
> to find the Kerberos server.  So the hostname isn't the important part
> here, as the DNS domain to use is in /etc/resolv.conf instead.

I'm not sure I'm following here. If you don't have a domain name fro
from which domains SRV records would you expect the client to retrieve
it's realm? 
Can you show how MIT resolves the REALM and then the KDC in your case?
Cheers,
 -- Guido

> 
> -- 
> Happy hacking
> Petter Reinholdtsen

> [libdefaults]
>         dns_lookup_realm = true
>         dns_lookup_kdc = true
> # 	default_realm = INTERN
> 
> # The following krb5.conf variables are only for MIT Kerberos.
> 	krb4_config = /etc/krb.conf
> 	krb4_realms = /etc/krb.realms
> 	kdc_timesync = 1
> 	ccache_type = 4
> 	forwardable = true
> 	proxiable = true
> 
> # The following encryption type specification will be used by MIT Kerberos
> # if uncommented.  In general, the defaults in the MIT Kerberos code are
> # correct and overriding these specifications only serves to disable new
> # encryption types as they are added, creating interoperability problems.
> #
> # Thie only time when you might need to uncomment these lines and change
> # the enctypes is if you have local software that will break on ticket
> # caches containing ticket encryption types it doesn't know about (such as
> # old versions of Sun Java).
> 
> #	default_tgs_enctypes = des3-hmac-sha1
> #	default_tkt_enctypes = des3-hmac-sha1
> #	permitted_enctypes = des3-hmac-sha1
> 
> # The following libdefaults parameters are only for Heimdal Kerberos.
> 	v4_instance_resolve = false
> 	v4_name_convert = {
> 		host = {
> 			rcmd = host
> 			ftp = ftp
> 		}
> 		plain = {
> 			something = something-else
> 		}
> 	}
> 	fcc-mit-ticketflags = true
> 
> [realms]
> 	ATHENA.MIT.EDU = {
> 		kdc = kerberos.mit.edu:88
> 		kdc = kerberos-1.mit.edu:88
> 		kdc = kerberos-2.mit.edu:88
> 		admin_server = kerberos.mit.edu
> 		default_domain = mit.edu
> 	}
> 	MEDIA-LAB.MIT.EDU = {
> 		kdc = kerberos.media.mit.edu
> 		admin_server = kerberos.media.mit.edu
> 	}
> 	ZONE.MIT.EDU = {
> 		kdc = casio.mit.edu
> 		kdc = seiko.mit.edu
> 		admin_server = casio.mit.edu
> 	}
> 	MOOF.MIT.EDU = {
> 		kdc = three-headed-dogcow.mit.edu:88
> 		kdc = three-headed-dogcow-1.mit.edu:88
> 		admin_server = three-headed-dogcow.mit.edu
> 	}
> 	CSAIL.MIT.EDU = {
> 		kdc = kerberos-1.csail.mit.edu
> 		kdc = kerberos-2.csail.mit.edu
> 		admin_server = kerberos.csail.mit.edu
> 		default_domain = csail.mit.edu
> 		krb524_server = krb524.csail.mit.edu
> 	}
> 	IHTFP.ORG = {
> 		kdc = kerberos.ihtfp.org
> 		admin_server = kerberos.ihtfp.org
> 	}
> 	GNU.ORG = {
> 		kdc = kerberos.gnu.org
> 		kdc = kerberos-2.gnu.org
> 		kdc = kerberos-3.gnu.org
> 		admin_server = kerberos.gnu.org
> 	}
> 	1TS.ORG = {
> 		kdc = kerberos.1ts.org
> 		admin_server = kerberos.1ts.org
> 	}
> 	GRATUITOUS.ORG = {
> 		kdc = kerberos.gratuitous.org
> 		admin_server = kerberos.gratuitous.org
> 	}
> 	DOOMCOM.ORG = {
> 		kdc = kerberos.doomcom.org
> 		admin_server = kerberos.doomcom.org
> 	}
> 	ANDREW.CMU.EDU = {
> 		kdc = kerberos.andrew.cmu.edu
> 		kdc = kerberos2.andrew.cmu.edu
> 		kdc = kerberos3.andrew.cmu.edu
> 		admin_server = kerberos.andrew.cmu.edu
> 		default_domain = andrew.cmu.edu
> 	}
> 	CS.CMU.EDU = {
> 		kdc = kerberos.cs.cmu.edu
> 		kdc = kerberos-2.srv.cs.cmu.edu
> 		admin_server = kerberos.cs.cmu.edu
> 	}
> 	DEMENTIA.ORG = {
> 		kdc = kerberos.dementix.org
> 		kdc = kerberos2.dementix.org
> 		admin_server = kerberos.dementix.org
> 	}
> 	stanford.edu = {
> 		kdc = krb5auth1.stanford.edu
> 		kdc = krb5auth2.stanford.edu
> 		kdc = krb5auth3.stanford.edu
> 		master_kdc = krb5auth1.stanford.edu
> 		admin_server = krb5-admin.stanford.edu
> 		default_domain = stanford.edu
> 	}
>         UTORONTO.CA = {
>                 kdc = kerberos1.utoronto.ca
>                 kdc = kerberos2.utoronto.ca
>                 kdc = kerberos3.utoronto.ca
>                 admin_server = kerberos1.utoronto.ca
>                 default_domain = utoronto.ca
> 	}
> 
> [domain_realm]
> 	.mit.edu = ATHENA.MIT.EDU
> 	mit.edu = ATHENA.MIT.EDU
> 	.media.mit.edu = MEDIA-LAB.MIT.EDU
> 	media.mit.edu = MEDIA-LAB.MIT.EDU
> 	.csail.mit.edu = CSAIL.MIT.EDU
> 	csail.mit.edu = CSAIL.MIT.EDU
> 	.whoi.edu = ATHENA.MIT.EDU
> 	whoi.edu = ATHENA.MIT.EDU
> 	.stanford.edu = stanford.edu
> 	.slac.stanford.edu = SLAC.STANFORD.EDU
>         .toronto.edu = UTORONTO.CA
>         .utoronto.ca = UTORONTO.CA
> 
> [login]
> 	krb4_convert = true
> 	krb4_get_tickets = false




Information forwarded to debian-bugs-dist@lists.debian.org, Guido Günther <agx@sigxcpu.org>:
Bug#714825; Package krb5-auth-dialog. (Thu, 04 Jul 2013 09:00:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Petter Reinholdtsen <pere@hungry.com>:
Extra info received and forwarded to list. Copy sent to Guido Günther <agx@sigxcpu.org>. (Thu, 04 Jul 2013 09:00:04 GMT) Full text and rfc822 format available.

Message #42 received at 714825@bugs.debian.org (full text, mbox):

From: Petter Reinholdtsen <pere@hungry.com>
To: 714825@bugs.debian.org
Subject: Re: Bug#714825: krb5-auth-dialog: segfaults when I run 'kinit' on the command line
Date: Thu, 4 Jul 2013 10:56:29 +0200
[Guido Günther] wrote:
> I'm not sure I'm following here. If you don't have a domain name fro
> from which domains SRV records would you expect the client to
> retrieve it's realm?

In other scripts, I use a simple DNS lookup to find the server,
similar to this:

  pere@tjener:~$ host -t srv _kerberos._udp
  _kerberos._udp.intern has SRV record 100 0 88 tjener.intern.
  pere@tjener:~$ 

> Can you show how MIT resolves the REALM and then the KDC in your
> case?

Here is a tcpdump of port 53 (DNS) on the DNS server during a kinit
run:

10:48:13.740049 IP 10.0.16.22.60465 > tjener.intern.domain: 29355+ TXT? _kerberos.ltsp4118. (36)                                                                                  
10:48:13.740459 IP tjener.intern.domain > 10.0.16.22.60465: 29355 NXDomain 0/1/0 (111)   
10:48:13.741181 IP 10.0.16.22.57667 > tjener.intern.domain: 13656+ TXT? _kerberos.intern. (34)                                                                                    
10:48:13.741397 IP tjener.intern.domain > 10.0.16.22.57667: 13656* 1/1/1 TXT "INTERN" (90)                                                                                        
10:48:13.750393 IP 10.0.16.22.34855 > tjener.intern.domain: 1954+ SRV? _kerberos._udp.INTERN. (39)                                                                                
10:48:13.750882 IP tjener.intern.domain > 10.0.16.22.34855: 1954* 1/1/1 SRV tjener.intern.:88 100 0 (102)                                                                         
10:48:13.751803 IP 10.0.16.22.59974 > tjener.intern.domain: 41193+ SRV? _kerberos._tcp.INTERN. (39)                                                                               
10:48:13.752068 IP tjener.intern.domain > 10.0.16.22.59974: 41193 NXDomain* 0/1/0 (87)   
10:48:13.757228 IP 10.0.16.22.50499 > tjener.intern.domain: 62806+ SRV? _kerberos-master._udp.INTERN. (46)                                                                        
10:48:13.757436 IP tjener.intern.domain > 10.0.16.22.50499: 62806* 1/1/1 SRV tjener.intern.:88 100 0 (109)                                                                        
10:48:20.076806 IP 10.0.16.22.51156 > tjener.intern.domain: 46661+ SRV? _kerberos-master._udp.INTERN. (46)                                                                        
10:48:20.077327 IP tjener.intern.domain > 10.0.16.22.51156: 46661* 1/1/1 SRV tjener.intern.:88 100 0 (109)                                                                        
10:48:20.078249 IP 10.0.16.22.59517 > tjener.intern.domain: 27354+ SRV? _kerberos-master._tcp.INTERN. (46)
10:48:20.078512 IP tjener.intern.domain > 10.0.16.22.59517: 27354 NXDomain* 0/1/0 (94)

As you can see, it first look up the realm using a TXT lookup, and
then find the servers using SRV lookups.  Does it help to explain what
is going on?

-- 
Happy hacking
Petter Reinholdtsen



Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#714825; Package krb5-auth-dialog. (Thu, 04 Jul 2013 16:45:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Guido Günther <agx@sigxcpu.org>:
Extra info received and forwarded to list. (Thu, 04 Jul 2013 16:45:04 GMT) Full text and rfc822 format available.

Message #47 received at 714825@bugs.debian.org (full text, mbox):

From: Guido Günther <agx@sigxcpu.org>
To: Petter Reinholdtsen <pere@hungry.com>, 714825@bugs.debian.org
Subject: Re: Bug#714825: krb5-auth-dialog: segfaults when I run 'kinit' on the command line
Date: Thu, 4 Jul 2013 18:00:14 +0200
Hi Petter,
On Thu, Jul 04, 2013 at 10:56:29AM +0200, Petter Reinholdtsen wrote:
> [Guido Günther] wrote:
> > I'm not sure I'm following here. If you don't have a domain name fro
> > from which domains SRV records would you expect the client to
> > retrieve it's realm?
> 
> In other scripts, I use a simple DNS lookup to find the server,
> similar to this:
> 
>   pere@tjener:~$ host -t srv _kerberos._udp
>   _kerberos._udp.intern has SRV record 100 0 88 tjener.intern.
>   pere@tjener:~$ 

But where does the .intern come from? It needs to be appended somewhere
and I assume that's missing with heimdal. 

Either there isn't a DNS domain or there is (assuming we're not talking
about anything similar to mDNS .local)?

> 
> > Can you show how MIT resolves the REALM and then the KDC in your
> > case?
> 
> Here is a tcpdump of port 53 (DNS) on the DNS server during a kinit
> run:
> 
> 10:48:13.740049 IP 10.0.16.22.60465 > tjener.intern.domain: 29355+ TXT? _kerberos.ltsp4118. (36)                                                                                  
> 10:48:13.740459 IP tjener.intern.domain > 10.0.16.22.60465: 29355 NXDomain 0/1/0 (111)   
> 10:48:13.741181 IP 10.0.16.22.57667 > tjener.intern.domain: 13656+ TXT? _kerberos.intern. (34)                                                                                    
> 10:48:13.741397 IP tjener.intern.domain > 10.0.16.22.57667: 13656* 1/1/1 TXT "INTERN" (90)                                                                                        
> 10:48:13.750393 IP 10.0.16.22.34855 > tjener.intern.domain: 1954+ SRV? _kerberos._udp.INTERN. (39)                                                                                
> 10:48:13.750882 IP tjener.intern.domain > 10.0.16.22.34855: 1954* 1/1/1 SRV tjener.intern.:88 100 0 (102)                                                                         
> 10:48:13.751803 IP 10.0.16.22.59974 > tjener.intern.domain: 41193+ SRV? _kerberos._tcp.INTERN. (39)                                                                               
> 10:48:13.752068 IP tjener.intern.domain > 10.0.16.22.59974: 41193 NXDomain* 0/1/0 (87)   
> 10:48:13.757228 IP 10.0.16.22.50499 > tjener.intern.domain: 62806+ SRV? _kerberos-master._udp.INTERN. (46)                                                                        
> 10:48:13.757436 IP tjener.intern.domain > 10.0.16.22.50499: 62806* 1/1/1 SRV tjener.intern.:88 100 0 (109)                                                                        
> 10:48:20.076806 IP 10.0.16.22.51156 > tjener.intern.domain: 46661+ SRV? _kerberos-master._udp.INTERN. (46)                                                                        
> 10:48:20.077327 IP tjener.intern.domain > 10.0.16.22.51156: 46661* 1/1/1 SRV tjener.intern.:88 100 0 (109)                                                                        
> 10:48:20.078249 IP 10.0.16.22.59517 > tjener.intern.domain: 27354+ SRV? _kerberos-master._tcp.INTERN. (46)
> 10:48:20.078512 IP tjener.intern.domain > 10.0.16.22.59517: 27354 NXDomain* 0/1/0 (94)
> 
> As you can see, it first look up the realm using a TXT lookup, and
> then find the servers using SRV lookups.  Does it help to explain what
> is going on?

See above. Why should it query _kerberos.intern. ? I assume that if you
set the realm to INTERN in krb5.conf things start to work?

This looks more like a heimdal vs mit issue. I'm happy to help here out
either but we'd better create a bug against heimdal on this one.
Cheers,
 -- Guido

> 
> -- 
> Happy hacking
> Petter Reinholdtsen
> 



Information forwarded to debian-bugs-dist@lists.debian.org, Guido Günther <agx@sigxcpu.org>:
Bug#714825; Package krb5-auth-dialog. (Thu, 04 Jul 2013 18:39:07 GMT) Full text and rfc822 format available.

Acknowledgement sent to Petter Reinholdtsen <pere@hungry.com>:
Extra info received and forwarded to list. Copy sent to Guido Günther <agx@sigxcpu.org>. (Thu, 04 Jul 2013 18:39:07 GMT) Full text and rfc822 format available.

Message #52 received at 714825@bugs.debian.org (full text, mbox):

From: Petter Reinholdtsen <pere@hungry.com>
To: 714825@bugs.debian.org
Subject: Re: Bug#714825: krb5-auth-dialog: segfaults when I run 'kinit' on the command line
Date: Thu, 4 Jul 2013 20:34:22 +0200
[Guido Günther]
> But where does the .intern come from? It needs to be appended somewhere
> and I assume that's missing with heimdal. 
> 
> Either there isn't a DNS domain or there is (assuming we're not talking
> about anything similar to mDNS .local)?

As I said, it come from resolv.conf, where it is listed in 'search'.
The source for that info is DHCP.

> See above. Why should it query _kerberos.intern. ? I assume that if
> you set the realm to INTERN in krb5.conf things start to work?
> 
> This looks more like a heimdal vs mit issue. I'm happy to help here
> out either but we'd better create a bug against heimdal on this one.

So you are saying MIT Kerberos is better at working without explicit
configuration?  Good to know. :)

-- 
Happy hacking
Petter Reinholdtsen



Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#714825; Package krb5-auth-dialog. (Fri, 05 Jul 2013 06:57:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Guido Günther <agx@sigxcpu.org>:
Extra info received and forwarded to list. (Fri, 05 Jul 2013 06:57:04 GMT) Full text and rfc822 format available.

Message #57 received at 714825@bugs.debian.org (full text, mbox):

From: Guido Günther <agx@sigxcpu.org>
To: Petter Reinholdtsen <pere@hungry.com>, 714825@bugs.debian.org
Subject: Re: Bug#714825: krb5-auth-dialog: segfaults when I run 'kinit' on the command line
Date: Fri, 5 Jul 2013 08:52:39 +0200
Hi Petter,
On Thu, Jul 04, 2013 at 08:34:22PM +0200, Petter Reinholdtsen wrote:
> [Guido Günther]
> > But where does the .intern come from? It needs to be appended somewhere
> > and I assume that's missing with heimdal. 
> > 
> > Either there isn't a DNS domain or there is (assuming we're not talking
> > about anything similar to mDNS .local)?
> 
> As I said, it come from resolv.conf, where it is listed in 'search'.
> The source for that info is DHCP.

Could you check if adding: 

domain intern

works around your problem? We'd know then if heimdal and MIT behave
differently or if we do have to look for another issue.

It'd also be good to see the DNS traffic when you try to acquire a TGT
via krb5-auth-dialog or heimdal's kinit. The later could easily be done
by copying the kinit to the diskless workstation's /tmp - the libs are
already there due to krb5-auth-dialog.

> 
> > See above. Why should it query _kerberos.intern. ? I assume that if
> > you set the realm to INTERN in krb5.conf things start to work?
> > 
> > This looks more like a heimdal vs mit issue. I'm happy to help here
> > out either but we'd better create a bug against heimdal on this one.
> 
> So you are saying MIT Kerberos is better at working without explicit
> configuration?  Good to know. :)

I'm mostly trying to figure out if this is a heimdal vs. MIT issue or if
krb5-auth-dialog is involved. I'm almost convinced it's the former but
I'd like to be sure before bugging the hemdal maintainers ;)
cheers,
 -- Guido

> 
> -- 
> Happy hacking
> Petter Reinholdtsen
> 



Information forwarded to debian-bugs-dist@lists.debian.org, Guido Günther <agx@sigxcpu.org>:
Bug#714825; Package krb5-auth-dialog. (Fri, 05 Jul 2013 11:21:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Petter Reinholdtsen <pere@hungry.com>:
Extra info received and forwarded to list. Copy sent to Guido Günther <agx@sigxcpu.org>. (Fri, 05 Jul 2013 11:21:04 GMT) Full text and rfc822 format available.

Message #62 received at 714825@bugs.debian.org (full text, mbox):

From: Petter Reinholdtsen <pere@hungry.com>
To: 714825@bugs.debian.org
Subject: Re: Bug#714825: krb5-auth-dialog: segfaults when I run 'kinit' on the command line
Date: Fri, 5 Jul 2013 13:19:45 +0200
[Guido Günther]
> Hi Petter,

Hi.

> Could you check if adding: 
> 
> domain intern
> 
> works around your problem? We'd know then if heimdal and MIT behave
> differently or if we do have to look for another issue.

It is already present.  The resolv.conf file look like this:

  domain intern
  search intern
  nameserver 10.0.2.2

> It'd also be good to see the DNS traffic when you try to acquire a
> TGT via krb5-auth-dialog or heimdal's kinit. The later could easily
> be done by copying the kinit to the diskless workstation's /tmp -
> the libs are already there due to krb5-auth-dialog.

Hm, there seem to be some caching going on that make it hard to tell,
but here is my best guess based on several runs.  It seem to look for
TXT entry for _kerberos.$hostmame (as in _kerberos.ltsp4115), and then
_kerberos.intern, giving it the REALM.  But it do not try any lookups
to find the Kerberos server (as in SRV records in
_kerberos._tcp.intern).  And it show a popup stating that it can't
reach the kerberos server when I enter the password.

> I'm mostly trying to figure out if this is a heimdal vs. MIT issue
> or if krb5-auth-dialog is involved. I'm almost convinced it's the
> former but I'd like to be sure before bugging the hemdal maintainers
> ;) cheers,

I hope this help. :)

-- 
Happy hacking
Petter Reinholdtsen



Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#714825; Package krb5-auth-dialog. (Fri, 05 Jul 2013 11:48:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Guido Günther <agx@sigxcpu.org>:
Extra info received and forwarded to list. (Fri, 05 Jul 2013 11:48:04 GMT) Full text and rfc822 format available.

Message #67 received at 714825@bugs.debian.org (full text, mbox):

From: Guido Günther <agx@sigxcpu.org>
To: Petter Reinholdtsen <pere@hungry.com>, 714825@bugs.debian.org
Subject: Re: Bug#714825: krb5-auth-dialog: segfaults when I run 'kinit' on the command line
Date: Fri, 5 Jul 2013 13:46:21 +0200
On Fri, Jul 05, 2013 at 01:19:45PM +0200, Petter Reinholdtsen wrote:
> [Guido Günther]
> > Hi Petter,
> 
> Hi.
> 
> > Could you check if adding: 
> > 
> > domain intern
> > 
> > works around your problem? We'd know then if heimdal and MIT behave
> > differently or if we do have to look for another issue.
> 
> It is already present.  The resolv.conf file look like this:
> 
>   domain intern
>   search intern
>   nameserver 10.0.2.2
> 
> > It'd also be good to see the DNS traffic when you try to acquire a
> > TGT via krb5-auth-dialog or heimdal's kinit. The later could easily
> > be done by copying the kinit to the diskless workstation's /tmp -
> > the libs are already there due to krb5-auth-dialog.
> 
> Hm, there seem to be some caching going on that make it hard to tell,
> but here is my best guess based on several runs.  It seem to look for
> TXT entry for _kerberos.$hostmame (as in _kerberos.ltsp4115), and then
> _kerberos.intern, giving it the REALM.  But it do not try any lookups
> to find the Kerberos server (as in SRV records in
> _kerberos._tcp.intern).  And it show a popup stating that it can't
> reach the kerberos server when I enter the password.
> 
> > I'm mostly trying to figure out if this is a heimdal vs. MIT issue
> > or if krb5-auth-dialog is involved. I'm almost convinced it's the
> > former but I'd like to be sure before bugging the hemdal maintainers
> > ;) cheers,
> 
> I hope this help. :)
I think we're getting closer. Did you try the 

dns_lookup_kdc
dns_fallback

parameters?
 -- Guido



Information forwarded to debian-bugs-dist@lists.debian.org, Guido Günther <agx@sigxcpu.org>:
Bug#714825; Package krb5-auth-dialog. (Fri, 05 Jul 2013 11:54:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Petter Reinholdtsen <pere@hungry.com>:
Extra info received and forwarded to list. Copy sent to Guido Günther <agx@sigxcpu.org>. (Fri, 05 Jul 2013 11:54:04 GMT) Full text and rfc822 format available.

Message #72 received at 714825@bugs.debian.org (full text, mbox):

From: Petter Reinholdtsen <pere@hungry.com>
To: 714825@bugs.debian.org
Subject: Re: Bug#714825: krb5-auth-dialog: segfaults when I run 'kinit' on the command line
Date: Fri, 5 Jul 2013 13:52:07 +0200
[Guido Günther]
> I think we're getting closer. Did you try the 
> 
> dns_lookup_kdc
> dns_fallback
> 
> parameters?

The former is already set to true (along side dns_lookup_realm), and
the latter isn't.  But according to
<URL: http://web.mit.edu/kerberos/krb5-1.5/krb5-1.5.4/doc/krb5-admin/libdefaults.html >,
dns_fallback have no effect if both dns_lookup_realm and
dns_lookup_kdc is set.  I tried to add 'dns_fallback = true' in the
libdefault section, but it dod not have any effect.

-- 
Happy hacking
Petter Reinholdtsen



Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#714825; Package krb5-auth-dialog. (Fri, 05 Jul 2013 13:54:08 GMT) Full text and rfc822 format available.

Acknowledgement sent to Guido Günther <agx@sigxcpu.org>:
Extra info received and forwarded to list. (Fri, 05 Jul 2013 13:54:08 GMT) Full text and rfc822 format available.

Message #77 received at 714825@bugs.debian.org (full text, mbox):

From: Guido Günther <agx@sigxcpu.org>
To: Petter Reinholdtsen <pere@hungry.com>, 714825@bugs.debian.org
Subject: Re: Bug#714825: krb5-auth-dialog: segfaults when I run 'kinit' on the command line
Date: Fri, 5 Jul 2013 15:50:18 +0200
Hi Petter,
On Fri, Jul 05, 2013 at 01:52:07PM +0200, Petter Reinholdtsen wrote:
> [Guido Günther]
> > I think we're getting closer. Did you try the 
> > 
> > dns_lookup_kdc
> > dns_fallback
> > 
> > parameters?
> 
> The former is already set to true (along side dns_lookup_realm), and
> the latter isn't.  But according to
> <URL: http://web.mit.edu/kerberos/krb5-1.5/krb5-1.5.4/doc/krb5-admin/libdefaults.html >,
> dns_fallback have no effect if both dns_lookup_realm and
> dns_lookup_kdc is set.  I tried to add 'dns_fallback = true' in the
> libdefault section, but it dod not have any effect.

O.k. - the last thing to do then would be to reproduce this with
heimdal's kinit. Could you scp this onto the box and try if behaves like
krb5-auth-dialog [1]? If it behaves the same I'll have a look into
heimdal's implementation.
Cheers,
 -- Guido


Also note that krb5-auth-dialog currently needs to be
restarted after making changes to e.g. krb5.conf since it creates the
whole context during application startup and not dynamically



Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#714825; Package krb5-auth-dialog. (Fri, 05 Jul 2013 14:15:13 GMT) Full text and rfc822 format available.

Acknowledgement sent to Guido Günther <agx@sigxcpu.org>:
Extra info received and forwarded to list. (Fri, 05 Jul 2013 14:15:13 GMT) Full text and rfc822 format available.

Message #82 received at 714825@bugs.debian.org (full text, mbox):

From: Guido Günther <agx@sigxcpu.org>
To: Petter Reinholdtsen <pere@hungry.com>, 714825@bugs.debian.org
Subject: Re: Bug#714825: krb5-auth-dialog: segfaults when I run 'kinit' on the command line
Date: Fri, 5 Jul 2013 16:10:45 +0200
On Fri, Jul 05, 2013 at 01:52:07PM +0200, Petter Reinholdtsen wrote:
> [Guido Günther]
> > I think we're getting closer. Did you try the 
> > 
> > dns_lookup_kdc
> > dns_fallback
> > 
> > parameters?
> 
> The former is already set to true (along side dns_lookup_realm), and
> the latter isn't.  But according to
> <URL: http://web.mit.edu/kerberos/krb5-1.5/krb5-1.5.4/doc/krb5-admin/libdefaults.html >,
> dns_fallback have no effect if both dns_lookup_realm and
> dns_lookup_kdc is set.  I tried to add 'dns_fallback = true' in the
> libdefault section, but it dod not have any effect.

Here's what I found. Setting:

dns_lookup_kdc = yes
dns_lookup_realm = yes
dns_fallback = yes

on a host with 

# hostname
foo
# hostname --fqdn 
foo.example.com

and no domain or search entries in resolv.conf

I get:

$ kinit me
2013-07-05T16:07:09 error message: Did not find a plugin for ccache_ops: 2
2013-07-05T16:07:09 error message: unable to find realm of host foo: -1765328167
kinit: krb5_parse_name: unable to find realm of host foo

Setting the hostname to the fqdn then works. Even adding

domain example.com
search example.com

to resolv.conf doesn't change anything. That's with
1.6~git20120403+dfsg1-2. So it seems to me the problem is within heimdal
itself.
Cheers,
 -- Guido



> 
> -- 
> Happy hacking
> Petter Reinholdtsen
> 



Reply sent to Guido Günther <agx@sigxcpu.org>:
You have taken responsibility. (Fri, 05 Jul 2013 15:51:14 GMT) Full text and rfc822 format available.

Notification sent to Petter Reinholdtsen <pere@hungry.com>:
Bug acknowledged by developer. (Fri, 05 Jul 2013 15:51:14 GMT) Full text and rfc822 format available.

Message #87 received at 714825-close@bugs.debian.org (full text, mbox):

From: Guido Günther <agx@sigxcpu.org>
To: 714825-close@bugs.debian.org
Subject: Bug#714825: fixed in krb5-auth-dialog 3.8.0-3
Date: Fri, 05 Jul 2013 15:48:23 +0000
Source: krb5-auth-dialog
Source-Version: 3.8.0-3

We believe that the bug you reported is fixed in the latest version of
krb5-auth-dialog, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 714825@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Guido Günther <agx@sigxcpu.org> (supplier of updated krb5-auth-dialog package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Fri, 05 Jul 2013 17:40:45 +0200
Source: krb5-auth-dialog
Binary: krb5-auth-dialog
Architecture: source i386
Version: 3.8.0-3
Distribution: unstable
Urgency: low
Maintainer: Guido Günther <agx@sigxcpu.org>
Changed-By: Guido Günther <agx@sigxcpu.org>
Description: 
 krb5-auth-dialog - tray applet for reauthenticating kerberos tickets
Closes: 714825
Changes: 
 krb5-auth-dialog (3.8.0-3) unstable; urgency=low
 .
   * [21a1bd6] Fix krb5_principal_compare crashes on NULL arguments.
     Thanks to Petter Reinholdtsen (Closes: #714825)
Checksums-Sha1: 
 e92f4cdbb408c6e890eb2cecc534c6f9f527ea25 1563 krb5-auth-dialog_3.8.0-3.dsc
 c403895f4de3705a941b00adc077a46e794be5ec 6246 krb5-auth-dialog_3.8.0-3.debian.tar.gz
 8296926491a75be5f0db634e74104a2f422c0c19 266970 krb5-auth-dialog_3.8.0-3_i386.deb
Checksums-Sha256: 
 5d0a38c426b2c2c4e1e9dadfa072020a08b6ba21f5002131193a777b26f7ee1d 1563 krb5-auth-dialog_3.8.0-3.dsc
 d394651d766390983a83bb0faecfd5fb944403116575ee612030bde88ca57210 6246 krb5-auth-dialog_3.8.0-3.debian.tar.gz
 22ba3ec5de37679ae4465cfe257cc58c6f0b9f013deba3bdce6e9d615d7e64b9 266970 krb5-auth-dialog_3.8.0-3_i386.deb
Files: 
 9a75b787e4cb9641821ca662c9a66024 1563 gnome optional krb5-auth-dialog_3.8.0-3.dsc
 ce49ddb60a46207f225cc163be4c3566 6246 gnome optional krb5-auth-dialog_3.8.0-3.debian.tar.gz
 fb2a3bbda7fae782929138a190d79425 266970 gnome optional krb5-auth-dialog_3.8.0-3_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFR1unwn88szT8+ZCYRAkfiAJ0S8m/yo5GGBWhZHgf9mrcs6cn40QCfaE5d
YbId8gFZ5IVCSLv8cqOJDv4=
=U3gn
-----END PGP SIGNATURE-----




Bug 714825 cloned as bug 715030 Request was from Guido Günther <agx@sigxcpu.org> to control@bugs.debian.org. (Fri, 05 Jul 2013 15:57:09 GMT) Full text and rfc822 format available.

Reply sent to Guido Günther <agx@sigxcpu.org>:
You have taken responsibility. (Wed, 10 Jul 2013 22:33:13 GMT) Full text and rfc822 format available.

Notification sent to Petter Reinholdtsen <pere@hungry.com>:
Bug acknowledged by developer. (Wed, 10 Jul 2013 22:33:13 GMT) Full text and rfc822 format available.

Message #94 received at 714825-close@bugs.debian.org (full text, mbox):

From: Guido Günther <agx@sigxcpu.org>
To: 714825-close@bugs.debian.org
Subject: Bug#714825: fixed in krb5-auth-dialog 3.2.1-1+deb7u1
Date: Wed, 10 Jul 2013 22:32:05 +0000
Source: krb5-auth-dialog
Source-Version: 3.2.1-1+deb7u1

We believe that the bug you reported is fixed in the latest version of
krb5-auth-dialog, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 714825@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Guido Günther <agx@sigxcpu.org> (supplier of updated krb5-auth-dialog package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Fri, 05 Jul 2013 17:58:44 +0200
Source: krb5-auth-dialog
Binary: krb5-auth-dialog
Architecture: source i386
Version: 3.2.1-1+deb7u1
Distribution: stable-proposed-updates
Urgency: low
Maintainer: Guido Günther <agx@sigxcpu.org>
Changed-By: Guido Günther <agx@sigxcpu.org>
Description: 
 krb5-auth-dialog - tray applet for reauthenticating kerberos tickets
Closes: 714825
Changes: 
 krb5-auth-dialog (3.2.1-1+deb7u1) stable-proposed-updates; urgency=low
 .
   * [7b5a095] Fix krb5_principal_compare crashes on NULL arguments.
     Thanks to Petter Reinholdtsen (Closes: #714825)
Checksums-Sha1: 
 7d6fcdf50bb42f96f2a137cc89575c1909d714ac 1609 krb5-auth-dialog_3.2.1-1+deb7u1.dsc
 9461f2d9c5b43860a65efde6d292d82ea969123f 6169 krb5-auth-dialog_3.2.1-1+deb7u1.debian.tar.gz
 fb029137828cb38eb6813ad1dcf2d8a598901b1c 268128 krb5-auth-dialog_3.2.1-1+deb7u1_i386.deb
Checksums-Sha256: 
 d56382fa19640c31e52c9f1542f6ac385d9156e8b3d0d7ced1fed3339f9ed7e0 1609 krb5-auth-dialog_3.2.1-1+deb7u1.dsc
 7c11bf1e2aa22b7155883c63f004b53f41939b138a23e08b5c085a171cf2dce7 6169 krb5-auth-dialog_3.2.1-1+deb7u1.debian.tar.gz
 fbdb95bd84829617b3bb1075a260a23eb03dc108b3185c30d5a3be6678d4e1ab 268128 krb5-auth-dialog_3.2.1-1+deb7u1_i386.deb
Files: 
 543991a912246f5d38f849cada9c4867 1609 gnome optional krb5-auth-dialog_3.2.1-1+deb7u1.dsc
 8521bb09ece7273c190ac7feb0f27ff7 6169 gnome optional krb5-auth-dialog_3.2.1-1+deb7u1.debian.tar.gz
 c24d1d1a38471462368c47b697ed9e2e 268128 gnome optional krb5-auth-dialog_3.2.1-1+deb7u1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFR1/5Hn88szT8+ZCYRAkfuAJ0UWD9mVsG0NffGeMPy/E4Ky6/cqwCeNC3d
QcgQ0n/GImo2FVchBDKuo64=
=jdlD
-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 13 Aug 2013 07:28:18 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Fri Apr 25 09:25:11 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.