Hello, just a quick update:
in between I also tried the official upgrade path for kerberos: https://web.mit.edu/kerberos/krb5-1.3/krb5-1.3.6/doc/krb5-install.html#Upgrading%20Existing%20Kerberos%20V5%20Installations This procedure leads to the very same problem on machine B. kadmin.local works, kadmin.local -m <password> does not work. I tried the same procedure but in this case the new destination machine "B" had the very same kerberos version and the same linux installation just like machine A. In this case this official upgrade path by exporting and importing principals works just as expected so that kadmin.local -m <passwords> is ok. So it seems like the krb version switch causes this problem. Is there perhaps something more that has to be done... ? Thanks Rainer Am 07.02.2017 um 09:17 schrieb Rainer Krienke: > Hello, > > I run a linux machine A with SuSE SLES11SP4 with a working kerberos > server (version 1.6.3) and want to migrate this server to a new linux > SLES12SP2 machine B where the kerberos installation (version 1.12.5) is > a little more recent. > > I tried to tar the whole stuff in /var/lib/kerberos/krb5kdc on machine A > and then extract it on machine B. Part of this tar is also the stash > file. /etc/krb5.conf is identical on both machines > > Afterwards I am able to run kamin.local and can eg list all the > principals. However I am unable to login using kamin.local -m using my > database master password which works on server A. I see the following > error message if I try on machine B: > > kadmin.local: Unable to decrypt latest master key with the provided > master key while initializing kadmin.local interface > > Does anyone know why it could not be working, or what I have to do to > get it working again? I do not understand this at the moment. What else > aside from the original db password and the principals could this login > depend on? > > Thanks a lot for any help > Rainer > > > > ________________________________________________ > Kerberos mailing list Kerberos@mit.edu > https://mailman.mit.edu/mailman/listinfo/kerberos > -- Rainer Krienke, Uni Koblenz, Rechenzentrum, A22, Universitaetsstrasse 1 56070 Koblenz, Tel: +49261287 1312 Fax +49261287 100 1312 Web: http://userpages.uni-koblenz.de/~krienke PGP: http://userpages.uni-koblenz.de/~krienke/mypgp.html
smime.p7s
Description: S/MIME Cryptographic Signature
________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos