f



OpenSSH 4.2 with KRB5 1.4.1 on Solaris 2.6

We have someone running OpenSSH 4.2 with KRB5 1.4.1 on Solaris 2.6
encountering the following error:
  Assertion failed: i->did_run != 0, file ../../include/k5-platform.h, line 232
  debug1: do_cleanup

Things seem to work ok on Solaris 8 and 10 with Solaris 8 binaries.

KRB5 1.4.1 was built with the Sun C compiler and linked _statically_
into the OpenSSH binary.

Any ideas? Is there an easy way to find out what function is being
passed to k5_call_init_function()?

-- 
albert chin (china@thewrittenword.com)
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos

0
1/17/2006 11:29:25 PM
comp.protocols.kerberos 5541 articles. 1 followers. jwinius (31) is leader. Post Follow

2 Replies
658 Views

Similar Articles

[PageSpeed] 22

On Jan 17, 2006, at 18:29, Albert Chin wrote:
> We have someone running OpenSSH 4.2 with KRB5 1.4.1 on Solaris 2.6
> encountering the following error:
>   Assertion failed: i->did_run != 0, file ../../include/k5- 
> platform.h, line 232
>   debug1: do_cleanup
>
> Things seem to work ok on Solaris 8 and 10 with Solaris 8 binaries.
>
> KRB5 1.4.1 was built with the Sun C compiler and linked _statically_
> into the OpenSSH binary.
>
> Any ideas? Is there an easy way to find out what function is being
> passed to k5_call_init_function()?

My first guess: The Solaris 2.6 C library probably has a function  
pthread_once which doesn't do anything.  Our code uses weak  
references, finds that a definition of pthread_once has been linked  
in, and uses it instead of working around its lack.  The update to  
1.4.2 or 1.4.3 included changes to how we decide whether pthread  
support has been linked in, and will probably work better if this is  
the case.

It probably doesn't matter much which function was passed to  
k5_call_init_function, because there are several calls in the library  
code, and each one will probably suffer the same problem.  If you can  
get a stack trace, you could probably figure it out -- actually, the  
debugger might not show you the function calling  
k5_call_init_function because it's expanded inline, but if it  
doesn't, it'll probably show you the next caller up the chain, and  
the code there would tell you which function is invoking  
k5_call_init_function, which would in turn show you the initializer  
that's supposed to be called.

Ken
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos

0
raeburn (375)
1/18/2006 12:05:46 AM
On Tue, Jan 17, 2006 at 07:05:46PM -0500, Ken Raeburn wrote:
> On Jan 17, 2006, at 18:29, Albert Chin wrote:
> > We have someone running OpenSSH 4.2 with KRB5 1.4.1 on Solaris 2.6
> > encountering the following error:
> >   Assertion failed: i->did_run != 0, file ../../include/k5- 
> > platform.h, line 232
> >   debug1: do_cleanup
> >
> > Things seem to work ok on Solaris 8 and 10 with Solaris 8 binaries.
> >
> > KRB5 1.4.1 was built with the Sun C compiler and linked _statically_
> > into the OpenSSH binary.
> >
> > Any ideas? Is there an easy way to find out what function is being
> > passed to k5_call_init_function()?
> 
> My first guess: The Solaris 2.6 C library probably has a function  
> pthread_once which doesn't do anything.  Our code uses weak  
> references, finds that a definition of pthread_once has been linked  
> in, and uses it instead of working around its lack.  The update to  
> 1.4.2 or 1.4.3 included changes to how we decide whether pthread  
> support has been linked in, and will probably work better if this is  
> the case.

Ok, thanks. Looks like someone ran into this problem before:
  http://mailman.mit.edu/pipermail/kerberos/2005-July/008075.html

For now, I'll just rebuild with --without-threads.

-- 
albert chin (china@thewrittenword.com)
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos

0
1/18/2006 5:48:29 AM
Reply:

Similar Artilces:

Upgrade of Xalan 1.2.2 and Xerces 1.4.4 to Xalan 2.6 and Xerces 2.6.2
I've been tasked with upgrading the JVM from 1.3 to 1.4, and the third party libraries used by my company on our existing Java framework. I'm most worried about any problems that may occur due to upgrading Xalan and Xerces as our framework performs much XML transformation and processing. Does anyone have a link to known issues with such an upgrade (besides the Xalan / Xerces sites) ? Or has anyone done such an upgrade and can share their pearls of wisdom? Thanks Chris ...

Does 4/2/2= (4/2)/2 =1 OR = 4/(2/2)=4
I don't have matlab and I am trying to translate some simple matlab code. Does 4/2/2 = (4/2)/2 = 1 or 4/2/2 = 4/(2/2) = 4 On 9/11/2012 9:43 AM, sarah.englander@gmail.com wrote: > I don't have matlab and I am trying to translate some simple matlab code. > > Does 4/2/2 = (4/2)/2 = 1 yes. At a given precedence level (and obviously two of the same operators are the same level) evaluation proceeds from LtoR. ....snip... <http://www.mathworks.com/help/techdoc/matlab_prog/f0-40063.html#f0-38155> -- dpb <none@non.net> wrote in message <...

ACE 5.4.2 + TAO 1.4.2 client, ORBacus 4.1.2 NameService, and JACOrb 1.4.1 servants
Hi everyone, Background: ----------- I'm very new to CORBA, ACE & TAO. I'm trying to integrate with a 3rd party system which exposes a CORBA object model to clients. This system is composed of JACOrb 1.4.1 servers registering with an ORBacus 4.1.2 NameService. We've got existing software that uses ACE 5.4.2, and the 3rd party documentation mentions that people have used TAO (no version specified) previously to integrate with their system, so I'm trying out TAO 1.4.2 as a natural solution to the problem. Environment Specifics: ---------------------- - ACE 5.4.2 + TAO 1.4.2 clients - running on a variant of RedHat Enterprise Linux 4.x (x86 platform) - compiled with gcc-c++-3.4.3-22.1 - ORBacus 4.1.2 NameService, and JACorb 1.4.1 servants (the 3rd Party stuff) - running on SunOS 5.9 What I'm trying to do: ---------------------- To get started, I'm trying to create a simple "hi3rdParty" app which acquires a reference to the remote ORBacus NameService so that I can then get at the other services. Here's the code I'm using: try { // ------ begin common CORBA init -------- // First initialize the ORB - that will remove some arguments... // NOTE: we're gonna try and use "-ORBInitRef NameService=corbaloc:iiop:theServer:5000/NameService" // to find the naming service. CORBA::ORB_var orb = CORBA::ORB_init(argc, argv, "&quo...

Load average differences between Apache 1.3.37/PHP 4.4.6 and Apache 2.2.4/PHP 5.2.1
Hi folks, I've encountered something rather strange. This morning, I upgraded our production server, providing web services for our library website, from Apache 1.3.37/PHP 4.4.6 to Apache 2.2.4/PHP 5.2.1. The server, which normally exhibits a load average below 1 most of the time, spiked to loads that approached 100 if left alone. The interesting part of this is that this load average seems to be almost artificial - it appears to be caused by httpd processes stuck in a "closing connection" state (TIME_WAIT, in netstat). These processes are still running according t...

Newbie question; why (cons (list 1 2) (list 3 4)) is ((1 2) 3 4) and not ((1 2) (3 4))
Hi, I just started to learn LISP, and stumbled in SICP upon (cons (list 1 2) (list 3 4)) is evaluated to ((1 2) 3 4) I do not understand why this is not: ((1 2) (3 4)) because (cdr (cons (list 1 2) (list 3 4))) is (3 4) and (car (cons (list 1 2) (list 3 4))) is (1 2) Is there a logical explanation? Thank you for your patience. -- Greg Out of order, gregor <gregor@ediwo.com> writes: > Is there a logical explanation? Yes. > I just started to learn LISP, and stumbled in SICP upon But first, let's talk about LISP, Lisp, Scheme and Common Lisp. LISP is the name of the programming language invented in 1959 by John McCarthy and of the first program implementing it written amongst other by Steve Russel, one of his students. LISP 1.5 is a segueing version of that same program dating about 1962 that had some distribution. Then various lisp languages were developed at various places by various teams. Names such as MacLisp, InterLisp, LeLisp, StandardLisp, vLisp, Lisp Machine Lisp, Scheme, GNU Emacs Lisp, etc. It was quite a mess, and people had a hard time sharing programs. So they talked and designed and wrote and voted and produced the ANSI Common Lisp standard (in the USA), meanwhile in Europe they produced the ISO Lisp standard. Nowadays, almost all the other lisps are "dead", with only scheme (current version r5rs, r7r...

Upgrade from VO 1 - 2 - 2..1 -2.2 - 2.3 -2.4 - 2.5 - 2.6 - 2.7
About upgrade 2.5 - 2.7 at $ 384.00 For most products I'm using - the updates (2.0 - 2.1 - 2.7) are free... 2.0 to 3.0 might be worth + 10-30% of the original price? VO is + full price again & again - Full program price for every minor upgrade/bug-fix? I dropped out of the money/bugs [VO] at 2.5 after starting at 1.0 more than 10 years ago. Certainly whoever is making VO have to make a living; earning moneys: - that is OK! A 10 years old VO site; - 10 years later, how much have changed? http://www.yi.com/prany/cavo/cavofront.htm Even MS is not ...

RE: KRB5 1.4 vs. KRB5 1.3.6 on AIX 5.2 #2
Downloaded KRB5 1.4.1 and the installation worked great with GCC and AIX make. None of the problems that were encountered with 1.4.0 and the unbalanced "(". The problem with: /usr/local/kerberos/bin/kinit -V kinit(v5): Cannot resolve network address for KDC in requested realm while getting initial credentials still exist. If I force it to version 4 KRB it seems to work with the krb5.conf: /usr/local/kerberos/bin/kinit -4 xxxxxxx Password for xxxxxx@xxx.xxxxxxxxxx.xxx: kinit(v4): Can't send request (send_to_kdc) The krb5.conf file is the same file that worked with the 1.3.6 version of KRB5. It does not seem to work with KRB 1.4 or 1.4.1. Any one having similar problems or solutions ? Thanks, Lamar -----Original Message----- From: Saxon, Lamar Sent: Monday, April 25, 2005 11:08 AM To: 'Tom Yu' Cc: kerberos@mit.edu Subject: RE: KRB5 1.4 vs. KRB5 1.3.6 on AIX 5.2 The compile with CC works with no issues. The other issue still remains. "Cannot resolve network address for KDC in requested realm while getting initial credentials" I tried kinit with the -k and verbose; but not with a password. I will post the results once I get it accomplished. Thanks, Lamar -----Original Message----- From: Tom Yu [mailto:tlyu@MIT.EDU] Sent: Thursday, April 21, 2005 2:18 PM To: Saxon, Lamar Cc: kerberos@mit.edu Subject: Re: KRB5 1.4 vs. KRB5 1.3.6 on AIX 5.2 >>>>> "Lamar" == <Lamar.Saxon@americredit.com> writes: La...

[tao-users] Use of TAO_OutputCDR and ACE_Message_Block in CORBA::Any from TAO 1.4.1|ACE 5.4.1 to TAO2.2.0|ACE 6.2.0
This is a multipart message in MIME format. ------=_NextPart_000_00BF_01CEA8D4.9E005C80 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable TAO VERSION: 2.2.0 ACE VERSION: 6.2.0 =20 HOST MACHINE and OPERATING SYSTEM: x86_64 and Red Hat - Linux 2.6.18-194.26.1.el5 =20 TARGET MACHINE and OPERATING SYSTEM, if different from HOST: =20 COMPILER NAME AND VERSION (AND PATCHLEVEL): gcc (GCC) 4.8.1 =20 THE $ACE_ROOT/ace/config.h FILE: config-linux.h =20 THE $ACE_ROOT/include/makeinclude/platform_macros.GNU FILE: platform_linux.GNU =20 CONTENTS OF $ACE_ROOT/bin/MakeProjectCreator/config/default.features (used by MPC when you generate your own makefiles): =20 AREA/CLASS/EXAMPLE AFFECTED: TAO_OutputCDR and ACE_Message_Block. =20 DOES THE PROBLEM AFFECT: EXECUTION. My application is affected. =20 SYNOPSIS: The code that extract data from CORBA::Any using TAO_OutputCDR and ACE_Message_Block for user defined types works properly in the old platform (TAO 1.4.1|ACE 5.4.1), but not in the new one(ACE 6.2.0). =20 DESCRIPTION: The code in the =93REPEAT BY=94 section works fine in the old platform = for user defined types, that is, the TAO_OutputCDR and ACE_Message_Block objects have the same length, but in the new platform th...

PPPD 2.4.1 and 2.4.2 with wvdial 1.53 problem
Hello I have downloaded pppd 2.4.2 (and 2.4.1 after I failed to connect with 2.4.1) and it compiled (both the kernel and the user parts) OK. Without any changes to my wvdial 1.53 conf file, I try to use the new pppd. Result: Feb 13 15:53:16 gw wvdial[2629]: WvDial: Internet dialer version 1.53 Feb 13 15:53:16 gw wvdial[2629]: Initializing modem. Feb 13 15:53:16 gw wvdial[2629]: Sending: AT Feb 13 15:53:16 gw wvdial[2629]: ERROR Feb 13 15:53:16 gw wvdial[2629]: ERROR Feb 13 15:53:16 gw wvdial[2629]: OK Feb 13 15:53:16 gw wvdial[2629]: Sending: ATB0 Feb 13 15:53:16 gw wvdial[2629]: ERROR Fe...

Film scanner for 2 1/4 inch by 2 1/4 inch #2
Hi, I have hundreds of APS, 35mm, and 2 1/4 by 2 1/4 inch negatives that I would like to scan. I posted an item on this newsgroup in October, 2003. So far, I have not yet bought a new scanner. My main requirement is that it handles 21/4 inch separate negatives. PC Pro magazine reviewed the Canon Canoscan 8800F recently. See http://www.pcpro.co.uk/reviews/128849/canon-canoscan-8800f.html It gave a good review. I phoned Canon to see if it could handle separate 2 1/4 inch negatives. They said it could. Has anyone used this scanner? If so, that do you think about it. Whi...

TRSDOS II, version 4.2.0, 4.2.2, 4.2.4, 4.2.6 (or 4.3.x or 4.4)
Hi, Group I require a copy of the above DOS, but I need it _on disk_ as I do not have an emulator for the Model II that must be tested. Is there any possible sources of the OS on disk, or can you advise if the original 8" drive can be hooked to another device so that I can transfer an electronic copy to the disk to boot the machine? What other options do I have? Thanks L replying to my own post :-) I found an article here (http://www.tim-mann.org/trs80resources.html) where Tim describes a trick to rescue a disk's contents. This should be a workable solution...

Java 1.4.2 Vs 1.5 Vs 1.6 #2
I'm sure this question has been posted but I've not found any definitive answer. I maintain a product line that consists of a dedicated Linux system running Java to provide a GUI interface as a control system for underlying hardware. I've been working to move to jdk 1.5 (not hard but I'm busy) and now this new DST thing which is not covered by the version I've been porting to (1.5.0-b64) makes me want to rething about going to the latest 1.6. It seems every version change had problems in the beginning and I didn't even try 1.6 because of that. Now I'm thinking about it again. Can anyone give me a level of comfort about just going to the latest jdk and jre? Is there an advantage to going to the latest 1.6 versus the last 1.5? The liability of 1.6 is, of course, it's not as tested as the previous releases but, as java has matured, I think that some of that may be pretty minimal. I don't have enough data to judge. Can I get opinions? Any input is greatly appreciated. James Kimble wrote: > I'm sure this question has been posted but I've not found any > definitive answer. > > I maintain a product line that consists of a dedicated Linux system > running Java to provide a GUI interface as a control system for > underlying hardware. I've been working to move to jdk 1.5 (not hard > but I'm busy) and now this new DST thing which is not covered by the > version I've been porting to (1.5.0-b64) makes me...

(??] [2/4]
begin 644 TEST2.txt 186YO=&AE<B!T97-T+BXN+BX` ` end Posted Via Usenet.com Premium Usenet Newsgroup Services ---------------------------------------------------------- ** SPEED ** RETENTION ** COMPLETION ** ANONYMITY ** ---------------------------------------------------------- http://www.usenet.com ...

(??] [4/4]
begin 644 Untitled2.txt ,2&5L;&\@07-I82$A ` end Posted Via Usenet.com Premium Usenet Newsgroup Services ---------------------------------------------------------- ** SPEED ** RETENTION ** COMPLETION ** ANONYMITY ** ---------------------------------------------------------- http://www.usenet.com ...

ANN: ActivePython 2.6.2.2, 3.1.0b1.0, 2.5.4.4 is now available
I'm happy to announce that ActivePython 2.6.2.2, 3.1.0b1.0 and 2.5.4.4 are now available for download from: http://www.activestate.com/activepython/ This is a patch release that updates ActivePython to core Python 2.6.2 and 3.1b2. This release also contains updates to Tcl/Tk 8.5.7 and Tix 8.4.3. We recommend that you try 2.6 version first. See the release notes for full details: http://docs.activestate.com/activepython/2.6/relnotes.html What is ActivePython? --------------------- ActivePython is ActiveState's binary distribution of Python. Builds for Windows, Mac OS X,...

Re: Dependency problems migrating from 2.4.2 to [wx 2.6.1, WinXP, VC 7.1] #2
Hi Ben, > If it were unreasonable for a cross-platform app to use libjpeg (as you seem > to be implying) then a huge majority of cross-platform open-source apps out > there are "unreasonable." Is there, in fact, a shared jpeg library guaranteed to be available on all versions of Windows? > This is really bizarre to encounter this on the wx mailing list. Since when > does Microsoft have any say at all in how developers create cross-platform > apps? If they did, we wouldn't be using wxWidgets. If you develop wxWidgets applications for Microsoft...

Notation: R(a,k) denotes the rising factorial a(a+1)...(a+k-1 ...the certificate being 2 2 2 (5 m - 12 m p - 2 m + 8 p + 3 n m - n
Notation: R(a,k) denotes the rising factorial a(a+1)...(a+k-1 ...the certificate being 2 2 2 (5 m - 12 m p - 2 m + 8 p + 3 n m - n - 4 n p + 1 + 4 p) n -------------------------------------------------------------, QED . ... Musatov ...

Upgrading 2.4.1 to 2.4.2
Hi, I have Python 2.4.1 and have downloaded 2.4.2. Is there a way to avoid installing everything and, instead, just upgrade? Thanks, Sorin __________________________________ Yahoo! Mail - PC Magazine Editors' Choice 2005 http://mail.yahoo.com Sori Schwimmer wrote: > I have Python 2.4.1 and have downloaded 2.4.2. Is > there a way to avoid installing everything and, > instead, just upgrade? Run the following code on your 2.4.1 installation and post the results: python -m platform Or, if you prefer: import platform platform.platform(True, False) -- -Scott D...

Cyrus IMAP 2.2.4 w/ SASL 2.1.14 and Kerberos-4
I'm trying to build Cyrus IMAP so that it checks plaintext passwords using Kerb4 and also allows the clients to authenticate using Kerb4. I believe I need to build this with Kerberos-4 and SASL (which must support KERBEROS_V4 authentication). Is this correct, or do I only need one or the other? I'm having numerous difficulties with the cyrus-imapd configure script. It complains that my kerberos-4 build doesn't have the DES implementation, and when I try using kerberos-5-1.2.8, it can't properly locate the kerberos 4 libraries. Matt Cuttitta ...

MIME encoding change in Python 2.4.3 (or 2.4.2? 2.4.1?)
I have an application that processes MIME messages. It reads a message from a file, looks for a text/html and text/plain parts in it, performs some processing on these parts, and outputs the new message. Ever since I recently upgraded my Python to 2.4.3, the output messages started to come out garbled, as a block of junk characters. I traced the problem back to a few lines that were removed from the email package: The new Python no longer encodes the payload when converting the MIME message to a string. Since my program must work on several computers, each having a different version of Pyth...

PHPBB2, PHP 4.3.4, MySQL 4.1.1, Apache 2.0.49, Fedora 2
My combination is: PHPBB2, PHP 4.3.4, MySQL 4.1.1, Apache 2.0.49, Fedora 2 Anyone out there has a successful combination of newer versions ? fr gr Erik ...

Dependency problems migrating from 2.4.2 to [wx 2.6.1, WinXP, VC 7.1]
Hi folks, I'm trying to migrate some applications from wx2.4.2 to 2.6.1. It's wonderful that the libraries are now separate rather than monolithic, because i only need wxBase and wxCore. However, at link time, i get errors like this: LINK : fatal error LNK1104: cannot open file 'wxbase26d_net.lib' Now, i don't need or want the wxNet library (the whole point of not having a monolithic build is that we shouldn't have to link with all these.) However, this link dependency is apparently _required_ by wxWidgets 2.6.1, because of the file "include/msvc/wx...

(??] [4/4]
begin 644 Untitled2.txt ,2&5L;&\@07-I82$A ` end Posted Via Usenet.com Premium Usenet Newsgroup Services ---------------------------------------------------------- ** SPEED ** RETENTION ** COMPLETION ** ANONYMITY ** ---------------------------------------------------------- http://www.usenet.com ...

(??] [4/4]
begin 644 Untitled2.txt ,2&5L;&\@07-I82$A ` end Posted Via Usenet.com Premium Usenet Newsgroup Services ---------------------------------------------------------- ** SPEED ** RETENTION ** COMPLETION ** ANONYMITY ** ---------------------------------------------------------- http://www.usenet.com ...

Web resources about - OpenSSH 4.2 with KRB5 1.4.1 on Solaris 2.6 - comp.protocols.kerberos

OpenSSH - Wikipedia, the free encyclopedia
It was designed as a free and open source alternative to the proprietary SSH network protocol, developed by Tatu Ylönen and offered by SSH Communications ...

OpenSSH
the main OpenSSH page

Core Infrastructure Initiative to delve into security of OpenSSL, OpenSSH, Network Time Protocol
The Linux Foundation today announced the first protocols that it wants to address as part of its open-source code testing and security review. ...

Core Infrastructure Initiative to delve into security of OpenSSL, OpenSSH, Network Time Protocol
The Linux Foundation today announced the first protocols that it wants to address as part of its open-source code testing and security review. ...

Core Infrastructure Initiative to delve into security of OpenSSL, OpenSSH, Network Time Protocol
The Linux Foundation today announced the first protocols that it wants to address as part of its open-source code testing and security review. ...

Bug in widely used OpenSSH opens servers to password cracking
Flaw dating back to 2007 allows crackers to try huge number of guesses. A recently disclosed bug in OpenSSH software used to remotely access ...

At last! Microsoft brings OpenSSH to Windows
It is a few months since Microsoft announced that SSH support was on its way to Windows. The absence of this feature has baffled and frustrated ...

OpenSSH patches leak that could expose private SSH keys
If you're connecting to servers over the secure shell (SSH) protocol using an OpenSSH client, you should update that client immediately. The ...

OpenSSH patches information leak that could expose private SSH keys
A vulnerability in OpenSSH clients could expose users' private SSH keys to rogue or compromised servers.

OpenSSH Patches Flaw That Lets Attackers Steal Private Keys
Flaw exists in an a feature that is turned on by default in all OpenSSH clients between versions 5.4 and 7.1, says Qualys

Resources last updated: 3/10/2016 2:28:00 PM