kadmin interface not working - closes the connection immediately

1

So far I have been doing most of the Kerberos administration with kadmin.local; however, I am trying to move to using remote kadmin, since that would be better practice and all.

What I am seeing is this:

esr@cpt2:~$ kadmin -p 'esr/admin'
Authenticating as principal esr/admin with password.
Password for esr/[email protected]: 
esr@cpt2:~$

i.e. the login goes through fine, but the connection is closed immediately.

On the server side:

Jan 08 12:51:02 00-kdc krb5kdc[9729](info): AS_REQ (4 etypes {18 17 16 23}) X.X.X.X: NEEDED_PREAUTH: esr/[email protected] for kadmin/[email protected], Additional pre-authentication required
Jan 08 12:51:05 00-kdc krb5kdc[9729](info): AS_REQ (4 etypes {18 17 16 23}) X.X.X.X: ISSUE: authtime 1389207065, etypes {rep=18 tkt=18 ses=18}, esr/[email protected] for kadmin/[email protected]

==> /var/log/krb5kdc/kadmin.log <==
Jan 08 12:51:05 00-kdc kadmind[9720](Error): TCP client X.X.X.X.41541 wants 2147484348 bytes, cap is 1048572
Jan 08 12:51:05 00-kdc kadmind[9720](info): closing down fd 333

The error "wants 2147484348 bytes, cap is 1048572" immediately jumped out at me, but it is proving incredibly hard to track down. I found link, but that seems to have been resolved a long time ago.

Also, I am using

Package: krb5-admin-server
Version: 1.10+dfsg~beta1-2ubuntu0.3
Package: krb5-kdc
Version: 1.10+dfsg~beta1-2ubuntu0.3

Client connection trace:

esr$ KRB5_TRACE=/dev/stdout kadmin
Authenticating as principal esr/[email protected] with password.
[2913] 1389633823.366797: Initializing MEMORY:kadm5_0 with default princ esr/[email protected]
[2913] 1389633823.366900: Getting initial credentials for esr/[email protected]
[2913] 1389633823.367196: Setting initial creds service to kadmin/[email protected]
[2913] 1389633823.367314: Sending request (199 bytes) to DOMAIN.EDU
[2913] 1389633823.367417: Resolving hostname ldap-master.domain.edu
[2913] 1389633823.367562: Sending initial UDP request to dgram X.X.X.X:88
[2913] 1389633823.371591: Received answer from dgram X.X.X.X:88
[2913] 1389633823.410550: Response was not from master KDC
[2913] 1389633823.410581: Received error from KDC: -1765328359/Additional pre-authentication required
[2913] 1389633823.410619: Processing preauth types: 136, 19, 2, 133
[2913] 1389633823.410636: Selected etype info: etype aes256-cts, salt "DOMAIN.EDUesradmin", params ""
[2913] 1389633823.410640: Received cookie: MIT
Password for esr/[email protected]:
[2913] 1389633826.379096: AS key obtained for encrypted timestamp: aes256-cts/4485
[2913] 1389633826.409058: Encrypted timestamp (for 1389633826.408987): plain <snip>
[2913] 1389633826.409100: Preauth module encrypted_timestamp (2) (flags=1) returned: 0/Success
[2913] 1389633826.409105: Produced preauth for next request: 133, 2
[2913] 1389633826.409123: Sending request (294 bytes) to DOMAIN.EDU
[2913] 1389633826.409142: Resolving hostname ldap-master.domain.edu
[2913] 1389633826.409203: Sending initial UDP request to dgram X.X.X.X:88
[2913] 1389633826.506049: Received answer from dgram X.X.X.X:88
[2913] 1389633826.550573: Response was not from master KDC
[2913] 1389633826.550610: Processing preauth types: 19
[2913] 1389633826.550618: Selected etype info: etype aes256-cts, salt "DOMAIN.EDUesradmin", params ""
[2913] 1389633826.550623: Produced preauth for next request: (empty)
[2913] 1389633826.550632: AS key determined by preauth: aes256-cts/4485
[2913] 1389633826.550688: Decrypted AS reply; session key is: aes256-cts/13A4
[2913] 1389633826.550706: FAST negotiation: available
[2913] 1389633826.550744: Initializing MEMORY:kadm5_0 with default princ esr/[email protected]
[2913] 1389633826.550753: Removing esr/[email protected] -> kadmin/[email protected] from MEMORY:kadm5_0
[2913] 1389633826.550760: Storing esr/[email protected] -> kadmin/[email protected] in MEMORY:kadm5_0
[2913] 1389633826.550770: Storing config in MEMORY:kadm5_0 for kadmin/[email protected]: fast_avail: yes
[2913] 1389633826.550780: Removing esr/[email protected] -> krb5_ccache_conf_data/fast_avail/kadmin\/ldap-master.domain.edu\@DOMAIN.EDU@X-CACHECONF: from MEMORY:kadm5_0
[2913] 1389633826.550787: Storing esr/[email protected] -> krb5_ccache_conf_data/fast_avail/kadmin\/ldap-master.domain.edu\@DOMAIN.EDU@X-CACHECONF: in MEMORY:kadm5_0
[2913] 1389633826.575550: Getting credentials esr/[email protected] -> kadmin/[email protected] using ccache MEMORY:kadm5_0
[2913] 1389633826.575589: Retrieving esr/[email protected] -> kadmin/[email protected] from MEMORY:kadm5_0 with result: 0/Success
[2913] 1389633826.575641: Creating authenticator for esr/[email protected] -> kadmin/[email protected], seqnum 982754712, subkey aes256-cts/33D5, session key aes256-cts/13A4
[2913] 1389633826.578730: Getting credentials esr/[email protected] -> kadmin/[email protected] using ccache MEMORY:kadm5_0
[2913] 1389633826.578775: Retrieving esr/[email protected] -> kadmin/[email protected] from MEMORY:kadm5_0 with result: 0/Success
[2913] 1389633826.578816: Creating authenticator for esr/[email protected] -> kadmin/[email protected], seqnum 799315236, subkey aes256-cts/E55C, session key aes256-cts/13A4
    
por EricR 08.01.2014 / 20:03
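As an added diagnostic (not part of the original post or of MIT krb5), the Python below parses the kadmind error line quoted above and decodes the requested byte count. Its working assumption, which the thread does not confirm, is that kadmind read the first four bytes of a kadmin RPC request as a plain length, while the kadmin protocol (ONC RPC over TCP) prefixes each record with a 4-byte header whose high bit is the last-fragment flag; under that reading the client asked for 700 bytes, not 2 GB, which is a useful pointer when comparing the kadmin port/service the client is reaching against what the server expects on that socket.

```python
import re

# Constructed sample in the format of the kadmind log lines quoted in the question.
SAMPLE_LOG = """\
Jan 08 12:51:05 00-kdc kadmind[9720](Error): TCP client X.X.X.X.41541 wants 2147484348 bytes, cap is 1048572
Jan 08 12:51:05 00-kdc kadmind[9720](info): closing down fd 333
"""

LINE_RE = re.compile(
    r"kadmind\[\d+\]\(Error\): TCP client (?P<client>\S+) "
    r"wants (?P<want>\d+) bytes, cap is (?P<cap>\d+)"
)

# ONC RPC record marking (RFC 5531, section 11): the high bit of the 4-byte
# record header is the last-fragment flag, the low 31 bits are the length.
RPC_LAST_FRAGMENT = 0x80000000
RPC_LENGTH_MASK = 0x7FFFFFFF


def decode_length_prefix(value):
    """Interpret a 4-byte prefix that was read as a plain unsigned length.

    Hypothesis, not confirmed by the thread: if the bytes were really an RPC
    record header, the flag bit explains the absurd size.
    """
    return {
        "raw": value,
        "last_fragment_bit": bool(value & RPC_LAST_FRAGMENT),
        "fragment_length": value & RPC_LENGTH_MASK,
    }


def analyze_kadmind_log(text):
    """Return one finding per 'wants N bytes, cap is M' error in the log text."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        want, cap = int(m.group("want")), int(m.group("cap"))
        info = decode_length_prefix(want)
        info["client"] = m.group("client")
        info["cap"] = cap
        info["exceeds_cap"] = want > cap
        # True when the request would have fit once the flag bit is masked off.
        info["fits_cap_if_flag_masked"] = info["fragment_length"] <= cap
        findings.append(info)
    return findings


if __name__ == "__main__":
    for f in analyze_kadmind_log(SAMPLE_LOG):
        print(f"{f['client']}: raw={f['raw']:#x} flag={f['last_fragment_bit']} "
              f"len={f['fragment_length']} fits={f['fits_cap_if_flag_masked']}")
```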

2 answers

0

First, the login is not succeeding. You will always be prompted for a password, regardless of whether the connection works or not. Second, Kerberos error messages are at best hints and at worst completely misleading.

To me it looks like the kadmin client is requesting the wrong service principal. See

link

Most Kerberos kadmin sites I have worked with use kadmin/admin for the kadmind service principal. You need to check the kadmind configuration to see which service principal it is using.

    
por 08.01.2014 / 23:57
0

In my case, a restart of the kadmin service did the trick.

Right before that, my kadmin did exactly the same thing. All the other key exchange services worked fine, but I could not use kadmin (error number $? = 141), while I never had problems using kadmin.local.

    
por 24.04.2014 / 09:15
