A perl program crashes in libkrb5.so.3.3 library when calling credential cache functions using the Authen::Krb5 module

Solution Verified - Updated -

Issue

  • A perl program crashes in libkrb5.so.3.3 library when calling credential cache functions using the Authen::Krb5 module
  • The program:

#!/usr/bin/perl
#
#
use Authen::Krb5;

sub get_tgt_keytab
{
    my ($client, $server, @a, $ccname, $keytab, $err);
    undef $retval;

    my $context = Authen::Krb5::init_context();
    Authen::Krb5::init_ets();

    # Our admin user
    $client = Authen::Krb5::parse_name('testprinc');
    if ( ! $client ) {
        $retval = "ERROR: Unable to parse principal name!";
        goto CLEANUP;
    }#/* if */

    ## We're getting just a TGT service ticket
    #$server = Authen::Krb5::parse_name('krbtgt/FOOBAR.TEST');
    #if ( ! $server ) {
    #    $retval = "ERROR: Unable to parse TGT name!";
    #    goto CLEANUP;
    #}#/* if */

    my $cache_name;
    # Setup the credentials cache
    do {
        @a = (0 .. 9, 'a' .. 'z', 'A' .. 'Z');
        $ccname = join '', map { $a[int rand @a] } 0 .. 7;
        $cache_name = "/tmp/reghost_$ccname";
    } until (! -e $cache_name );

    # Set KRB5CCNAME environment
    $ENV{KRB5CCNAME} = $cache_name;

    $cc = Authen::Krb5::cc_resolve($cache_name);

    if ( ! $cc ) {
        $retval="ERROR: Unable to resolve cache!";
        goto CLEANUP;  
    }#/* if */

    $cc->initialize($client);

    # Set KRB5CCNAME environment
    $ENV{KRB5CCNAME} = $cc->get_name();

    # What keytab we're using - use the cron keytab by default...
    $keytab = Authen::Krb5::kt_resolve('FILE:/etc/cron.keytab');

    if ( ! $keytab ) {
        $retval = "ERROR: Unable to resolve keytab!";
        goto CLEANUP;
    }#/* if */

    # Get our TGT and store it in our credentials cache...
    my $creds = Authen::Krb5::get_init_creds_keytab($client,$keytab);
    if (defined($creds)) {
        if ($cc) {
            $cc->store_cred($creds);
        }#/* if */   
    } else {
        $retval = "ERROR: Unable to get TGT from keytab!";
        goto CLEANUP;
    }#/* if-else */

CLEANUP:
    if ($context) {
        Authen::Krb5::free_context();
    }# /* if */
    if (! defined($retval) ){
        return($cc);
    } else {
        if ($cc) {
            $cc->destroy;
        }# /* if */
        return($retval);
    }#/* if-else */
}

for ($count = 0; $count <= 100000; $count++) {
    print "$count\n";
    my $cc =  get_tgt_keytab();
    if (($cc) && $cc =~ /ERROR/) {
        print $cc;
    } elsif ($cc) {
        $cc->destroy;
    }# /* if-else */
}# /* for */

Environment

  • Red Hat Enterprise Linux 5
  • perl
  • krb5-libs
  • Authen::perl module obtained using 'cpan install'

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In
Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.