Sent to krbdev. Posting here for future users. Workaround to the bug can be found under 'REFERENCES'. Done talking to myself :)
MIT Kerberos 1.6.3

PROBLEM
=======

Standing up a brand new slave KDC does not go according to the
MIT documentation. Not a documentation error. There is a bug
lurking in the code.

DETAILS
=======

http://mailman.mit.edu/pipermail/kerberos/2008-April/013558.html
http://mailman.mit.edu/pipermail/kerberos/2008-April/013560.html

REFERENCES
==========

Another user who experienced the same thing as me:

http://www.mail-archive.com/kerberos@mit.edu/msg13573.html

Another user who experienced the same thing as me (bottom half
of web page) and thankfully wrote up a solution!

http://www.ba.infn.it/~domenico/docs/AAIFiles/kerberos.html

Jeff Blaine wrote:
> And more!
>
> kdc2% sudo ../barnowl-krb5/sbin/kpropd -d -S
> Connection from kdc.foo.com
> krb5_recvauth(5, kprop5_01, host/[EMAIL PROTECTED], ...)
> authenticated client: host/[EMAIL PROTECTED] (etype == Triple DES
> cbc mode with HMAC/sha1)
> calling kdb5_util to load database
> Child PID is 2088
> load: File exists
> ../kdc2-krb5/sbin/kpropd: /var/kdc2-krb5/sbin/kdb5_util returned a bad
> exit status (1)
> kdc2%
>
> On the main KDC (where kprop is being run):
>
> sbin/kprop: Software caused connection abort while reading response from
> server
>
> Jeff Blaine wrote:
>> Oh hey, there IS a -d flag! Here's that info, although it's
>> not helpful really.
>>
>> kdc% sudo sbin/kprop -d -f /var/krb5kdc/slave_datatrans kdc2.foo.com
>> 32768 bytes sent.
>> 65536 bytes sent.
>> 98304 bytes sent.
>> 131072 bytes sent.
>> 163840 bytes sent.
>> 196608 bytes sent.
>> 229376 bytes sent.
>> 255017 bytes sent.
>> sbin/kprop: Software caused connection abort while reading response
>> from server
>> kdc%
>>
>>
>> Jeff Blaine wrote:
>>> Onto the next problem:
>>>
>>> [ This guy never got responded to in public that I can see: ]
>>> [ http://mailman.mit.edu/pipermail/kerberos/2007-August/012034.html ]
>>>
>>> kdc% sudo sbin/kprop -f /var/krb5kdc/slave_datatrans kdc2.foo.com
>>> sbin/kprop: Software caused connection abort while reading response
>>> from server
>>> kdc%
>>>
>>> Leaves me with the following on the slave KDC (kdc2)
>>> and the inability to use 'kdb5_util stash' due to 'no such
>>> file or directory' because principal.ok does not exist
>>> (according to truss).
>>>
>>> kdc2# pwd
>>> /var/krb5kdc
>>> kdc2# ls -lart
>>> total 998
>>> -rw------- 1 root root 151 Apr 23 14:12 kpropd.acl
>>> drwxr-xr-x 48 root sys 1024 Apr 23 14:16 ../
>>> -rw------- 1 root root 255017 Apr 23 14:19 from_master
>>> -rw------- 1 root root 0 Apr 23 14:19 principal~.kadm5.lock
>>> -rw------- 1 root root 8192 Apr 23 14:19 principal~.kadm5
>>> -rw------- 1 root root 212992 Apr 23 14:19 principal~
>>> drwxr-xr-x 2 root root 512 Apr 23 14:19 ./
>>> -rw------- 1 root root 8192 Apr 23 14:19 principal
>>> -rw------- 1 root root 0 Apr 23 2008 principal~.ok
>>> kdc2#
>>>
>>> Any ideas?