Package: krb5-kdc
Version: 1.10.1+dfsg-5+deb7u1
Severity: important
I've got to just be missing something, since it seems unlikely that
this is this broken for everyone, but I'm not sure what I could be
missing. I attempted to create a new MIT Kerberos KDC from scratch
on wheezy and the result is an unusable database and a kadmind and
kadmin.local that both segfault in db2.
I wiped the database directory and then ran:
kdb5_util create -s
which appeared to work fine. I then ran kadmin.local and created
an rra/admin principal and some cross-realm trust krbtgt/*
principals for the realm, and exported kadmin/admin and
kadmin/changepw to /etc/krb5kdc/kadm5.keytab, and that also worked.
Then, whenever I tried to connect over the kadmin interface and
make any changes, I got the following error:
kadmin: addprinc thoron
WARNING: no policy specified for t...@test-k5.stanford.edu; defaulting to no
policy
Enter password for principal "t...@test-k5.stanford.edu":
Re-enter password for principal "t...@test-k5.stanford.edu":
add_principal: Database has not been initialized while creating
"t...@test-k5.stanford.edu".
I tried to then use kadmin.local, and got the same error. The
auth logs are no more informative:
Dec 9 19:25:33 kerberos-mit kadmind[20541]: Request: kadm5_create_principal,
t...@test-k5.stanford.edu, Database has not been initialized,
client=rra/ad...@test-k5.stanford.edu,
service=kadmin/kerberos-mit.stanford....@test-k5.stanford.edu, addr=171.67.24.55
Since the warnings were talking about policies, I created a new
policy with addpol default, and then tried creating an account again,
and that resulted in an immediate segfault (with both kadmin.local
and in kadmind with kadmin over protocol). The backtrace is full of
unresolved symbols even with libkrb5-dbg installed, but here's as much
as it would generate:
#0 0x00007fbcec6d9a17 in ?? ()
from /usr/lib/x86_64-linux-gnu/krb5/plugins/kdb/db2.so
#1 0x00007fbcec6da49a in ?? ()
from /usr/lib/x86_64-linux-gnu/krb5/plugins/kdb/db2.so
#2 0x00007fbd2eb13f86 in krb5_db_get_policy (kcontext=0x19fbe90,
name=0x1a29df0 "default", policy=policy@entry=0x7fffb5628f48)
at ../../../src/lib/kdb/kdb5.c:2279
#3 0x00007fbd2ed2d246 in kadm5_modify_policy_internal (
server_handle=0x1a06d50, entry=entry@entry=0x7fffb5628ff0,
mask=mask@entry=524288) at ../../../../src/lib/kadm5/srv/svr_policy.c:229
#4 0x00007fbd2ed2dc08 in kadm5_create_principal_3 (server_handle=0x1a05260,
entry=0x7fffb5629130, mask=2049, n_ks_tuple=3, ks_tuple=0x1a053d0,
password=0x7fffb56292a0 "some password")
at ../../../../src/lib/kadm5/srv/svr_principal.c:415
#5 0x0000000000404315 in ?? ()
#6 0x0000000000405cc0 in ?? ()
#7 0x00007fbd2ef471a3 in ?? () from /lib/x86_64-linux-gnu/libss.so.2
#8 0x00007fbd2ef47300 in ss_execute_line ()
from /lib/x86_64-linux-gnu/libss.so.2
#9 0x00007fbd2ef476f0 in ss_listen () from /lib/x86_64-linux-gnu/libss.so.2
#10 0x0000000000402fd9 in ?? ()
#11 0x00007fbd2d200ead in __libc_start_main (main=<optimized out>,
argc=<optimized out>, ubp_av=<optimized out>, init=<optimized out>,
fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffb562ba88)
at libc-start.c:228
#12 0x0000000000403035 in ?? ()
#13 0x00007fffb562ba88 in ?? ()
#14 0x000000000000001c in ?? ()
#15 0x0000000000000001 in ?? ()
#16 0x00007fffb562da97 in ?? ()
#17 0x0000000000000000 in ?? ()
I'm assuming that the krb5-kdc or krb5-admin-server packages in stable
aren't completely broken, so... what am I missing?
-- System Information:
Debian Release: 7.2
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-4-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages krb5-kdc depends on:
ii debconf [debconf-2.0] 1.5.49
ii krb5-config 2.3
ii krb5-user 1.10.1+dfsg-5+deb7u1
ii libc6 2.13-38
ii libcomerr2 1.42.5-1.1
ii libgssapi-krb5-2 1.10.1+dfsg-5+deb7u1
ii libgssrpc4 1.10.1+dfsg-5+deb7u1
ii libk5crypto3 1.10.1+dfsg-5+deb7u1
ii libkadm5clnt-mit8 1.10.1+dfsg-5+deb7u1
ii libkadm5srv-mit8 1.10.1+dfsg-5+deb7u1
ii libkdb5-6 1.10.1+dfsg-5+deb7u1
ii libkeyutils1 1.5.5-3
ii libkrb5-3 1.10.1+dfsg-5+deb7u1
ii libkrb5support0 1.10.1+dfsg-5+deb7u1
ii libverto1 0.2.2-1
ii lsb-base 4.1+Debian8+deb7u1
krb5-kdc recommends no packages.
Versions of packages krb5-kdc suggests:
ii krb5-admin-server 1.10.1+dfsg-5+deb7u1
pn krb5-kdc-ldap <none>
ii xinetd [inet-superserver] 1:2.3.14-7.1+deb7u1
-- debconf information:
krb5-kdc/debconf: true
krb5-kdc/purge_data_too: false
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
