On Mon, Feb 05, 2007 at 03:12:17PM +1100, Brian May wrote:
> >>>>> "jrodman" == jrodman <[EMAIL PROTECTED]> writes:
>
> jrodman> I do not think simply installing a package without prior
> jrodman> configuration should result in an error.
>
> Agreed.
>
> I am not able to reproduce this :-(
>
> Setting up heimdal-kdc (0.7.2.dfsg.1-9) ...
> kstash: writing key to `/var/lib/heimdal-kdc/m-key'
> Realm max ticket life [unlimited]:Realm max renewable ticket life [unlimited]:
>
> This is on a newly created chroot, with no prior configuration and no
> Kerberos information in DNS either.
>
> What do you get if you run "hostname -d"?
>
> Can you reproduce the problem?
Not sure at the moment. I may retry at some point, although I'm a bit
unclear how I will be able to easily set up the conditions.
My hunch is that the problem is that my debconf priority level was
"high", thus skipping the realm questions, thus leaving the realm
undefined, causing kstash to fail.
I think to get a reasonable chance at reproducing it I will need to set
up a new chroot and this takes some time over my slow netlink.
Currently, `hostname -d' appears to produce nothing:
[EMAIL PROTECTED]:~> hostname -d
[EMAIL PROTECTED]:~>
However, I cannot at all swear that it did not return 'ducker.org' when
I was performing this install. Certainly a subsequent dpkg-reconfigure
filled in the default realm field with DUCKER.ORG, so I suspect it did
return such at that time.
DIGRESSION (to explain difficulty in recreating exact scenario):
The whole kerberos experiment brought about much gnashing of
teeth and poking at things with a stick regarding naming, where
some services seemed to want calufrax.ducker.org, while others
(nfs4) insisted that they wanted 'calufrax' sans ducker.org.
And this was not only plain vanilla forward name lookups, there
was some kind of insane incestuous behavior going on with
reversing the IP and mapping the name back to the service and
refusing it because the domain name was present.
The point is just that things are somewhat scrambled after
installing heimdal, realizing heimdal servers would conflict
with my vsftp, trying a mix of heimdal daemons and mit
implementation servers, which produced some sort of "bad
encryption" useless error (what was sent, why don't you like
it?), leading to eventual MIT-only install, followed by NFS4
insane errors, and tweaking everything at every step to satisfy
the strange errors that would pop up. (My eventual impression
is that heimdal is actually much more helpful in terms of errors
than MIT, and that one should really read a large text on
kerberos before trying to set it up.)
I hope, therefore, that this bug is not terribly dependent upon my
initial config state which is almost certainly long lost.
I will try to set aside time to create a chroot with a debconf "high" or
highest (i forget the name) next week.
-josh
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
