Kadmind/krb5kdc on Solaris 10 doesn't daemonize properly either. I had to hack the startup scripts to manually background the processes rather than rely on the process to daemonize itself.
http://mail.opensolaris.org/pipermail/kerberos-discuss/2010-February/000883.html Regards, Jeff van Eek FM Service Team Manager Ph : +31 071 565 8768 Email: [email protected] Shawn Emery <[email protected]> Sent by: [email protected] 05/12/10 07:57 AM To Piotr Jasiukajtis <[email protected]> cc [email protected] Subject Re: [kerberos-discuss] b134 kadmin maintenance On 05/11/10 07:33 AM, Piotr Jasiukajtis wrote: > A workaround: > Start '/usr/lib/krb5/kadmind' manually from the command line. > > On Tue, May 11, 2010 at 3:19 PM, Piotr Jasiukajtis<[email protected]> wrote: > >> Hi, >> >> Build 134, local zone. After reboot kadmin daemon doesn't work. >> >> r...@ds1:~# svcs -xv >> svc:/network/security/kadmin:default (Kerberos administration daemon) >> State: maintenance since Tue May 11 15:12:46 2010 >> Reason: Restarting too quickly. >> See: http://sun.com/msg/SMF-8000-L5 >> See: man -M /usr/share/man -s 1M kadmind >> See: /var/svc/log/network-security-kadmin:default.log >> Impact: This service is not running. >> >> >> >> >> r...@ds1:~# cat /var/svc/log/network-security-kadmin\:default.log >> [ Feb 25 05:39:11 Disabled. ] >> [ Feb 25 05:39:11 Rereading configuration. ] >> [ Feb 25 05:39:28 Rereading configuration. ] >> [ Feb 25 14:47:31 Disabled. ] >> [ Feb 25 14:53:11 Disabled. ] >> [ May 11 09:58:45 Disabled. ] >> [ May 11 10:06:17 Disabled. ] >> [ May 11 13:33:00 Enabled. ] >> [ May 11 13:33:00 Executing start method ("/usr/lib/krb5/kadmind"). ] >> kadmind: logging to FILE=/var/krb5/kdc.log >> [ May 11 13:33:00 Method "start" exited with status 0. ] >> [ May 11 14:45:27 Enabled. ] >> [ May 11 14:45:29 Executing start method ("/usr/lib/krb5/kadmind"). ] >> kadmind: logging to FILE=/var/krb5/kdc.log >> [ May 11 14:45:30 Method "start" exited with status 0. ] >> [ May 11 14:45:30 Stopping because all processes in service exited. ] >> [ May 11 14:45:30 Executing stop method (:kill). ] >> [ May 11 14:45:30 Executing start method ("/usr/lib/krb5/kadmind"). ] >> kadmind: logging to FILE=/var/krb5/kdc.log >> [ May 11 14:45:30 Method "start" exited with status 0. ] >> [ May 11 14:45:30 Stopping because all processes in service exited. ] >> [ May 11 14:45:31 Executing stop method (:kill). ] >> [ May 11 14:45:31 Executing start method ("/usr/lib/krb5/kadmind"). ] >> kadmind: logging to FILE=/var/krb5/kdc.log >> [ May 11 14:45:31 Method "start" exited with status 0. ] >> [ May 11 14:45:31 Stopping because all processes in service exited. ] >> [ May 11 14:45:31 Executing stop method (:kill). ] >> [ May 11 14:45:31 Executing start method ("/usr/lib/krb5/kadmind"). ] >> kadmind: logging to FILE=/var/krb5/kdc.log >> [ May 11 14:45:31 Method "start" exited with status 0. ] >> [ May 11 14:45:31 Stopping because all processes in service exited. ] >> [ May 11 14:45:31 Executing stop method (:kill). ] >> [ May 11 14:45:31 Restarting too quickly, changing state to maintenance. ] >> [ May 11 14:46:34 Leaving maintenance because clear requested. ] >> [ May 11 14:46:34 Enabled. ] >> [ May 11 14:46:34 Restarting too quickly, changing state to maintenance. ] >> [ May 11 15:12:46 Leaving maintenance because clear requested. ] >> [ May 11 15:12:46 Enabled. ] >> [ May 11 15:12:46 Restarting too quickly, changing state to maintenance. ] >> >> >> In the log file: >> >> May 11 14:45:30 ds1 kadmind[26227](info): No dictionary file >> specified, continuing without one. >> May 11 14:45:30 ds1 krb5kdc[26229](Error): preauth pkinit failed to >> initialize: No pkinit_identity supplied for realm MYDOMAIN >> May 11 14:45:30 ds1 krb5kdc[26229](info): setting up network... >> [...] >> May 11 14:45:30 ds1 krb5kdc[26287](info): commencing operation >> May 11 14:45:30 ds1 kadmind[26308](Error): Cannot create IProp RPC >> service (PROG=100423, VERS=1), failing. >> May 11 14:45:30 ds1 kadmind[26309](info): No dictionary file >> specified, continuing without one. >> May 11 14:45:30 ds1 kadmind[26314](Error): Cannot create IProp RPC >> service (PROG=100423, VERS=1), failing. >> May 11 14:45:31 ds1 kadmind[26315](info): No dictionary file >> specified, continuing without one. >> May 11 14:45:31 ds1 kadmind[26322](Error): Cannot create IProp RPC >> service (PROG=100423, VERS=1), failing. >> May 11 14:45:31 ds1 kadmind[26326](info): No dictionary file >> specified, continuing without one. >> May 11 14:45:31 ds1 kadmind[26328](Error): Cannot create IProp RPC >> service (PROG=100423, VERS=1), failing. >> >> At the same time KDC daemon does work. >> Any idea? >> Interesting, I've never seen this issue before. What was the prior build that you upgraded from? IProp uses ephemeral ports, so this isn't about port reuse. Could you provide (just me) krb-diag output, so that I can look at your logs and network data? krb-diag can be found here: http://hub.opensolaris.org/bin/view/Project+kerberos/Debuggin Shawn. -- _______________________________________________ kerberos-discuss mailing list [email protected] http://mail.opensolaris.org/mailman/listinfo/kerberos-discuss
_______________________________________________ kerberos-discuss mailing list [email protected] http://mail.opensolaris.org/mailman/listinfo/kerberos-discuss
