During my tests to use Samba4 as a kdc for kerberized NFS, I found a bug in the KDC code, when generating a principal without pac (e.g. with msktutil and option --no-pac), that causes Samba4 to crash:

Running the following command on one of the client machines

    msktutil -c --upn nfs/testa.linex.org -h testa.linex.org --computer-name testa-service-nfs --server s4-dc1.linex.org --no-pac

results in this gdb backtrace on the samba4 dc (s4-dc1.linex.org):

    Program received signal SIGSEGV, Segmentation fault.
    0x00000000005e82e6 in samba_make_krb5_pac ()
    Current language: auto; currently asm
    (gdb) bt
    #0 0x00000000005e82e6 in samba_make_krb5_pac ()
    #1 0x00000000004ce243 in samba_wdc_get_pac ()
    #2 0x000000000059290b in _kdc_pac_generate ()
    #3 0x0000000000588055 in _kdc_as_rep ()
    #4 0x00000000005922ec in kdc_as_req ()
    #5 0x000000000059258e in krb5_kdc_process_krb5_request ()
    #6 0x00000000005fc1dc in kdc_process ()
    #7 0x00000000005fc4bb in kdc_tcp_call_loop ()
    ...

Looking at the code, the error is quite easy to find:

source4/kdc/wdc-samba4.c: krb5_error_code samba_wdc_get_pac() calls

1.) source4/kdc/pac-glue.c: samba_kdc_get_pac_blob()

    /* The user account may be set not to want the PAC */
    ...
    *_pac_blob = NULL;

and then calls

2.) source4/kdc/pac-glue.c: samba_make_krb5_pac()

which tries to use uninitialized "pac_blob" and segfaults.

I'll attach a simple patch that solved the problem for me.

Sorry Andrew, somehow even my second e-mail didn't make it to the list, so let's try it the bugzilla way :-)
Created attachment 5659
Fix no-pac principal creation

Probably there's a better place to prevent this bug, however the patch is very simple and solves the problems for now.
Applied and fixed. Thanks!
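The call sequence described in the report, as an added simplified model (not Samba's code and not the attached patch): a lookup step that returns success with a NULL output when no PAC is wanted, a build step that dereferences its argument, and a caller that checks for NULL between them. All type and function names, the sample accounts and the 8-byte header are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins for illustration; not Samba's types or functions. */
struct blob { size_t length; unsigned char data[64]; };
struct account { const char *name; int no_pac; };

/* Lookup step: success with *out == NULL means the account wants no PAC. */
static int get_pac_blob(const struct account *acct, struct blob **out)
{
    *out = NULL;
    if (acct->no_pac) return 0;      /* success, but nothing is returned */
    size_t n = strlen(acct->name);
    struct blob *b = malloc(sizeof(*b));
    if (b == NULL || n > sizeof(b->data)) { free(b); return -1; }
    b->length = n;
    memcpy(b->data, acct->name, n);
    *out = b;
    return 0;
}

/* Build step: reads blob->length, so it must never be handed NULL. */
static size_t make_pac(const struct blob *blob)
{
    return blob->length + 8;         /* constructed: 8-byte header + payload */
}

static int get_pac_checked(const struct account *acct, size_t *pac_len)
{
    struct blob *blob = NULL;
    *pac_len = 0;
    int ret = get_pac_blob(acct, &blob);
    if (ret != 0) return ret;
    if (blob == NULL)    /* no PAC requested: skip the build step; without */
        return 0;        /* this check make_pac() dereferences NULL */
    *pac_len = make_pac(blob);
    free(blob);
    return 0;
}

int main(void)
{
    /* Constructed sample accounts: one normal, one flagged "no PAC". */
    struct account user = { "alice", 0 }, svc = { "nfs-service", 1 };
    size_t a = 0, b = 0;
    int ra = get_pac_checked(&user, &a), rb = get_pac_checked(&svc, &b);
    printf("user: ret=%d len=%zu; no-pac: ret=%d len=%zu\n", ra, a, rb, b);
    return 0;
}
```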