Package: krb5-kdc Version: 1.10.1+dfsg-5+deb7u1 Severity: important I've got to just be missing something, since it seems unlikely that this is this broken for everyone, but I'm not sure what I could be missing. I attempted to create a new MIT Kerberos KDC from scratch on wheezy and the result is an unusable database and a kadmind and kadmin.local that both segfault in db2.
I wiped the database directory and then ran: kdb5_util create -s which appeared to work fine. I then ran kadmin.local and created an rra/admin principal and some cross-realm trust krbtgt/* principals for the realm, and exported kadmin/admin and kadmin/changepw to /etc/krb5kdc/kadm5.keytab, and that also worked. Then, whenever I tried to connect over the kadmin interface and make any changes, I got the following error: kadmin: addprinc thoron WARNING: no policy specified for t...@test-k5.stanford.edu; defaulting to no policy Enter password for principal "t...@test-k5.stanford.edu": Re-enter password for principal "t...@test-k5.stanford.edu": add_principal: Database has not been initialized while creating "t...@test-k5.stanford.edu". I tried to then use kadmin.local, and got the same error. The auth logs are no more informative: Dec 9 19:25:33 kerberos-mit kadmind[20541]: Request: kadm5_create_principal, t...@test-k5.stanford.edu, Database has not been initialized, client=rra/ad...@test-k5.stanford.edu, service=kadmin/kerberos-mit.stanford....@test-k5.stanford.edu, addr=171.67.24.55 Since the warnings were talking about policies, I created a new policy with addpol default, and then tried creating an account again, and that resulted in an immediate segfault (with both kadmin.local and in kadmind with kadmin over protocol). The backtrace is full of unresolved symbols even with libkrb5-dbg installed, but here's as much as it would generate: #0 0x00007fbcec6d9a17 in ?? () from /usr/lib/x86_64-linux-gnu/krb5/plugins/kdb/db2.so #1 0x00007fbcec6da49a in ?? () from /usr/lib/x86_64-linux-gnu/krb5/plugins/kdb/db2.so #2 0x00007fbd2eb13f86 in krb5_db_get_policy (kcontext=0x19fbe90, name=0x1a29df0 "default", policy=policy@entry=0x7fffb5628f48) at ../../../src/lib/kdb/kdb5.c:2279 #3 0x00007fbd2ed2d246 in kadm5_modify_policy_internal ( server_handle=0x1a06d50, entry=entry@entry=0x7fffb5628ff0, mask=mask@entry=524288) at ../../../../src/lib/kadm5/srv/svr_policy.c:229 #4 0x00007fbd2ed2dc08 in kadm5_create_principal_3 (server_handle=0x1a05260, entry=0x7fffb5629130, mask=2049, n_ks_tuple=3, ks_tuple=0x1a053d0, password=0x7fffb56292a0 "some password") at ../../../../src/lib/kadm5/srv/svr_principal.c:415 #5 0x0000000000404315 in ?? () #6 0x0000000000405cc0 in ?? () #7 0x00007fbd2ef471a3 in ?? () from /lib/x86_64-linux-gnu/libss.so.2 #8 0x00007fbd2ef47300 in ss_execute_line () from /lib/x86_64-linux-gnu/libss.so.2 #9 0x00007fbd2ef476f0 in ss_listen () from /lib/x86_64-linux-gnu/libss.so.2 #10 0x0000000000402fd9 in ?? () #11 0x00007fbd2d200ead in __libc_start_main (main=<optimized out>, argc=<optimized out>, ubp_av=<optimized out>, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffb562ba88) at libc-start.c:228 #12 0x0000000000403035 in ?? () #13 0x00007fffb562ba88 in ?? () #14 0x000000000000001c in ?? () #15 0x0000000000000001 in ?? () #16 0x00007fffb562da97 in ?? () #17 0x0000000000000000 in ?? () I'm assuming that the krb5-kdc or krb5-admin-server packages in stable aren't completely broken, so... what am I missing? -- System Information: Debian Release: 7.2 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-4-amd64 (SMP w/1 CPU core) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages krb5-kdc depends on: ii debconf [debconf-2.0] 1.5.49 ii krb5-config 2.3 ii krb5-user 1.10.1+dfsg-5+deb7u1 ii libc6 2.13-38 ii libcomerr2 1.42.5-1.1 ii libgssapi-krb5-2 1.10.1+dfsg-5+deb7u1 ii libgssrpc4 1.10.1+dfsg-5+deb7u1 ii libk5crypto3 1.10.1+dfsg-5+deb7u1 ii libkadm5clnt-mit8 1.10.1+dfsg-5+deb7u1 ii libkadm5srv-mit8 1.10.1+dfsg-5+deb7u1 ii libkdb5-6 1.10.1+dfsg-5+deb7u1 ii libkeyutils1 1.5.5-3 ii libkrb5-3 1.10.1+dfsg-5+deb7u1 ii libkrb5support0 1.10.1+dfsg-5+deb7u1 ii libverto1 0.2.2-1 ii lsb-base 4.1+Debian8+deb7u1 krb5-kdc recommends no packages. Versions of packages krb5-kdc suggests: ii krb5-admin-server 1.10.1+dfsg-5+deb7u1 pn krb5-kdc-ldap <none> ii xinetd [inet-superserver] 1:2.3.14-7.1+deb7u1 -- debconf information: krb5-kdc/debconf: true krb5-kdc/purge_data_too: false -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org