[Bug 1332988] Re: kdb5_util create and krb5_newrealm fail due to existing /var/lib/krb5kdc/principal/wrong error message
Launchpad Bug Tracker
1332988 at bugs.launchpad.net
Thu Feb 9 19:32:48 UTC 2017
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: krb5 (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to krb5 in Ubuntu.
https://bugs.launchpad.net/bugs/1332988
Title:
kdb5_util create and krb5_newrealm fail due to existing
/var/lib/krb5kdc/principal/wrong error message
Status in krb5 package in Ubuntu:
Confirmed
Bug description:
The invocation of both
LANG=C kdb5_util -r example.com create # with 'example.com' != `hostname`
# and
LANG=C krb5_newrealm
fails with `kdb5_util: File exists while creating database
'/etc/krb5kdc/principal'` (both with complex password `KPZp*4=pzx
^ZGnI-dacjWaOO2` and simple password `a`). Output before is:
This script should be run on the master KDC/admin server to initialize
a Kerberos realm. It will ask you to type in a master key password.
This password will be used to generate a key that is stored in
/etc/krb5kdc/stash. You should try to remember this password, but it
is much more important that it be a strong password than that it be
remembered. However, if you lose the password and /etc/krb5kdc/stash,
you cannot decrypt your Kerberos database.
Loading random data
Initializing database '/var/lib/krb5kdc/principal' for realm 'richter-local.de',
master key name 'K/M@richter-local.de'
You will be prompted for the database Master Password.
It is important that you NOT FORGET this password.
Enter KDC database master key:
Re-enter KDC database master key to verify:
Fixing the issue by invoking
kdb5_util -r example.com -m destroy -f
before repeating the commands above isn't possible due to the error
`kdb5_util: No such entry in the database while retrieving master
entry`; `mv /var/lib/krb5kdc/principal /var/lib/krb5kdc/principal.bk1`
doesn't help.
After reading the man pages for `kdb5_util` and `krb5_newrealm` it is
unclear what is actually missing and/or erroneous. At least I don't
see a reason for such a low quality error message.
== Ubuntu related ==
The state should be reset by invoking `apt-get purge krb5-kdc krb5-admin-server` which isn't the case.
== Further notes ==
If the error message is fixed,
It is important that you NOT FORGET this password.
could be changed to
It is important that you DO NOT FORGET this password.
as well.
In order to work around this issue and get an explanation of the
rather unhelpful error message, see this old thread for a very similar
issue on Solaris.