If pam_krb5 is configured to allow user to change password and if it's expired, Percona Server will crash after receiving the new password:
The environment to setup Kerberos and PS 57 is attached to this ticket. You can review the deployment from deploy_kerberos file. You will need to create a kerberos user when you've logged in. Instructions are provided below:
Extract 268949.zip and cd to that directory. Start the instance by running "vagrant up". Once started, connect to the instance by running "vagrant ssh". Then run these commands on the sandbox:
- Run kadmin.local and create a user called user2 and provide a password:
- On the same session, expire the password and then quit:
- Sudo to user2. This has been previously created in deploy script. Next, login to mysql as user2. Provide the password you've entered on Step 1. When you are prompted to enter a new Kerberos password, MySQL will crash:
If needed, core file will be generated in /tmp/corefiles directory.
The workaround would be to disallow resetting the password from PAM which is passing the parameter chpw_prompt=false in /etc/pam.d/mysqld