unable to decode stored principal key data (ASN.1 encoding ended unexpectedly)

Fri, 09 Jan 2009 13:46:51 -0800 

I have an MIT kerberos running with an OpenLDAP backend.  There was a power
outage last weekend, and today have noticed that I cannot kinit.  The error
I am receiving is:

[r...@krb01 openldap]# kinit mrowley
kinit(v5): Generic error (see e-text) while getting initial credentials

krb5kdc.log:
Jan 09 16:38:43 krb01.security.lab.comcast.com krb5kdc[15758](info): AS_REQ
(12 etypes {18 17 16 23 1 3 2 11 10 15 12 13}) 10.252.152.73:
LOOKING_UP_CLIENT: mrow...@krb.comcast.com for
krbtgt/krb.comcast....@krb.comcast.com, unable to decode stored principal
key data (ASN.1 encoding ended unexpectedly)

This is when trying to kinit on the kerberos server.  This error occurs with
any principal. The LDAP backend is working correctly, but can not be sure if
any of the kerberos data has been corrupt.

Has anyone seen this before, or have a way of fixing?  If the error is in
the ldap backend, I cannot simple slapcat the data out, then re-import
because the corrupt data will still be there.  The only thing I can think of
is that the error is in one of the keytab files.  Thanks for any help.

When kinit, this is strace output of the server:
Process 15758 attached - interrupt to quit
select(22, [10 11 12 13 14 15 16 17 18 19 20 21], [], [], NULL) = 1 (in
[13])
recvfrom(13, 
"j\201\3010\201\276\241\3\2\1\5\242\3\2\1\n\244\201\2610\201\256\240\7\3\5\0
\0\0\0\20\241"..., 4096, 0, {sa_family=AF_INET, sin_port=htons(32810),
sin_addr=inet_addr("10.252.152.73")}, [16]) = 196
time(NULL)                              = 1231522663
time(NULL)                              = 1231522663
gettimeofday({1231522663, 432784}, NULL) = 0
time(NULL)                              = 1231522663
write(8, "0\202\0022\2\1\5c\202\2+\4\33o=comcast,dc=comcas"..., 566) = 566
time(NULL)                              = 1231522663
poll([{fd=8, events=POLLIN|POLLPRI|POLLERR|POLLHUP, revents=POLLIN}], 1,
300000) = 1
read(8, "0\202\1\225\2\1\5d", 8)        = 8
read(8, "\202\1\216\4gkrbprincipalname=mrow...@ip"..., 401) = 401
time(NULL)                              = 1231522663
poll([{fd=8, events=POLLIN|POLLPRI|POLLERR|POLLHUP, revents=POLLIN}], 1,
300000) = 1
read(8, "0\f\2\1\5e\7\n", 8)            = 8
read(8, "\1\0\4\0\4\0", 6)              = 6
time(NULL)                              = 1231522663
time(NULL)                              = 1231522663
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=3519, ...}) = 0
write(3, "Jan 09 12:37:43 ipa01.security.l"..., 304) = 304
gettimeofday({1231522663, 435842}, NULL) = 0
time(NULL)                              = 1231522663
time(NULL)                              = 1231522663
sendto(13, 
"~\201\2670\201\264\240\3\2\1\5\241\3\2\1\36\242\21\30\017200901091737"...,
186, 0, {sa_family=AF_INET, sin_port=htons(32810),
sin_addr=inet_addr("10.252.152.73")}, 16) = 186
gettimeofday({1231522663, 436423}, NULL) = 0
select(22, [10 11 12 13 14 15 16 17 18 19 20 21], [], [], NULL


-- 
MAT
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos

Reply via email to