[Bug 1332988] [NEW] kdb5_util create and krb5_newrealm fail due to existing /var/lib/krb5kdc/principal/wrong error message
Karl-Philipp Richter
krichter722 at aol.de
Sun Jun 22 16:08:00 UTC 2014
Public bug reported:

The invocation of both

    LANG=C kdb5_util -r example.com create # with 'example.com' != `hostname`
    # and
    LANG=C krb5_newrealm

fail with `kdb5_util: File exists while creating database
'/etc/krb5kdc/principal'` (both with complex password
`KPZp*4=pzx^ZGnI-dacjWaOO2` and simple password `a`). Output before is

    This script should be run on the master KDC/admin server to initialize
    a Kerberos realm. It will ask you to type in a master key password.
    This password will be used to generate a key that is stored in
    /etc/krb5kdc/stash. You should try to remember this password, but it
    is much more important that it be a strong password than that it be
    remembered. However, if you lose the password and /etc/krb5kdc/stash,
    you cannot decrypt your Kerberos database.
    Loading random data
    Initializing database '/var/lib/krb5kdc/principal' for realm 'richter-local.de',
    master key name 'K/M@richter-local.de'
    You will be prompted for the database Master Password.
    It is important that you NOT FORGET this password.
    Enter KDC database master key:
    Re-enter KDC database master key to verify:

Fixing the issue by invoking

    kdb5_util -r example.com -m destroy -f

before repeating commands above isn't possible due to error `kdb5_util:
No such entry in the database while retrieving master entry`, `mv
/var/lib/krb5kdc/principal /var/lib/krb5kdc/principal.bk1` doesn't help.

After reading the man pages for `kdb5_util` and `krb5_newrealm` it is
unclear what is actually missing and/or erroneous. At least I don't see
a reason for such a low quality error message.

== Ubuntu related ==
The state should be reset by invoking `apt-get purge krb5-kdc krb5-admin-server` which isn't the case.
** Affects: krb5 (Ubuntu)
Importance: Undecided
Status: New
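
A pre-flight check for the situation reported above, as an added example that is not part of the bug report or of the krb5 packaging: it lists any `stash` and `principal*` entries still present in the directories named in the report's output, so leftover state is visible before `kdb5_util create` is retried. The function name `kdc_leftovers` is hypothetical, and the file layout assumes the default db2 KDC backend, which keeps companion files such as `principal.ok` beside `principal`.

```shell
#!/bin/sh
# Added example (not from the bug report): enumerate KDC state files that
# survive a purge or a partial cleanup.
# Assumption: db2 backend, so the database is "principal" plus companion
# files sharing that prefix (principal.ok, principal.kadm5, ...).

# kdc_leftovers DIR...
# Prints "<kind><TAB><path>" for each stash file or principal* entry found.
# Returns 0 if anything is left over, 1 if every directory is clean.
kdc_leftovers() {
    found=1
    for dir in "$@"; do
        # A missing directory cannot hold leftovers; skip it.
        [ -d "$dir" ] || continue
        for f in "$dir"/stash "$dir"/principal*; do
            # An unmatched glob stays literal, so classify by existence.
            if [ -L "$f" ]; then
                kind=symlink
            elif [ -d "$f" ]; then
                kind=dir
            elif [ -e "$f" ]; then
                kind=file
            else
                continue
            fi
            printf '%s\t%s\n' "$kind" "$f"
            found=0
        done
    done
    return "$found"
}

# Typical call, using the two directories that appear in the report:
#   kdc_leftovers /etc/krb5kdc /var/lib/krb5kdc
```

An empty result with exit status 1 means neither directory holds database or stash files; any listed path is state that the `mv` of `principal` alone would not have covered.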
** Description changed:
The invokation of both
- LANG=C kdb5_util -r example.com create # with 'example.com' != `hostname`
- # and
- LANG=C krb5_newrealm
+ LANG=C kdb5_util -r example.com create # with 'example.com' != `hostname`
+ # and
+ LANG=C krb5_newrealm
fail with `kdb5_util: File exists while creating database
'/etc/krb5kdc/principal'` (both with complex password `KPZp*4=pzx^ZGnI-
dacjWaOO2` and simple password `a`. Output before is
- This script should be run on the master KDC/admin server to initialize
- a Kerberos realm. It will ask you to type in a master key password.
- This password will be used to generate a key that is stored in
- /etc/krb5kdc/stash. You should try to remember this password, but it
- is much more important that it be a strong password than that it be
- remembered. However, if you lose the password and /etc/krb5kdc/stash,
- you cannot decrypt your Kerberos database.
- Loading random data
- Initializing database '/var/lib/krb5kdc/principal' for realm 'richter-local.de',
- master key name 'K/M at richter-local.de'
- You will be prompted for the database Master Password.
- It is important that you NOT FORGET this password.
- Enter KDC database master key:
- Re-enter KDC database master key to verify:
+ This script should be run on the master KDC/admin server to initialize
+ a Kerberos realm. It will ask you to type in a master key password.
+ This password will be used to generate a key that is stored in
+ /etc/krb5kdc/stash. You should try to remember this password, but it
+ is much more important that it be a strong password than that it be
+ remembered. However, if you lose the password and /etc/krb5kdc/stash,
+ you cannot decrypt your Kerberos database.
+ Loading random data
+ Initializing database '/var/lib/krb5kdc/principal' for realm 'richter-local.de',
+ master key name 'K/M at richter-local.de'
+ You will be prompted for the database Master Password.
+ It is important that you NOT FORGET this password.
+ Enter KDC database master key:
+ Re-enter KDC database master key to verify:
Fixing the issue by invoking
- kdb5_util -r example.com -m destroy -f
+ kdb5_util -r example.com -m destroy -f
before repeating commands above isn't possible due to error `kdb5_util:
No such entry in the database while retrieving master entry`, `mv
/var/lib/krb5kdc/principal /var/lib/krb5kdc/principal.bk1` doesn't help.
After reading the man pages for `kdb5_util` and `krb5_newrealm` it is
unclear what is acutally missing and/or errornous. At least I don't see
a reason for such a low quality error message.
+
+ == Ubuntu related ==
+ The state should be reset by invoking `apt-get purge krb5-kdc krb5-admin-server` which isn't the case.
--
https://bugs.launchpad.net/bugs/1332988