Bug 276257

Summary: security/heimdal kadmin -l init segfaults on FreeBSD 14.0-RELEASE
Product: Ports & Packages
Reporter: Ivan <bsd>
Component: Individual Port(s)
Assignee: Cy Schubert <cy>
Status: Closed DUPLICATE
Severity: Affects Only Me
CC: cy
Priority: ---
Flags: bugzilla: maintainer-feedback? (hrs)
Version: Latest
Hardware: Any
OS: Any

Description Ivan 2024-01-11 12:03:15 UTC
I'm trying to set up heimdal according to the handbook guide; however, kadmin -l is unable to init a new realm: the init command segfaults.

I've tried heimdal and heimdal-devel compiled and installed from packages, both on 14.0 without any luck. 

On the 13 branch it works.

I've found a really old PR here with the same symptoms, and it could be worked around with custom ciphers after openssl banned rc4. However, I have found no suitable settings in my case yet.

To reproduce the issue:

1. Clean /var/heimdal, do not start daemons.
2. Do not bother with a master key or krb5.conf, just proceed with kadmin -l and issue init DOMAIN.NAME. It asks a question about ticket lifetime and crashes after that, leaving the database empty.
Comment 1 Ivan 2024-01-11 16:48:27 UTC
I've found that the base system has kadmin too, and it was the base version that crashes.

/usr/local/bin/kadmin fails for another reason:

kadmin> init MY.DOMAIN
Realm max ticket life [unlimited]:
Realm max renewable ticket life [unlimited]:
kadmin: rc4 8: EVP_CipherInit_ex einit
Comment 2 Ivan 2024-01-11 17:51:56 UTC

*** This bug has been marked as a duplicate of bug 275915 ***
Comment 3 Cy Schubert freebsd_committer freebsd_triage 2024-01-30 04:58:17 UTC
I believe we fixed this in stable/14 with c7db2e15e4045e1daba939bb151fc5878f791c7b and 17e941a0c88cac2d8cd28d6614448adbd65d4b72. Can you try these, please?
Comment 4 Cy Schubert freebsd_committer freebsd_triage 2024-01-30 05:00:38 UTC

*** This bug has been marked as a duplicate of bug 272835 ***