[Bug 1688310] Re: KDC/kadmind may fail to start on IPv4-only systems

Andreas Hasenack andreas at canonical.com
Mon May 15 13:31:22 UTC 2017


Reproducing the problem with 1.15-1:
ubuntu at 15-89:~$ apt-cache policy krb5-kdc
krb5-kdc:
  Installed: 1.15-1
  Candidate: 1.15-1
  Version table:
 *** 1.15-1 500
        500 http://br.archive.ubuntu.com/ubuntu zesty/universe amd64 Packages
        100 /var/lib/dpkg/status

After rebooting with no IPv6 support, the kerberos services are not running:
ubuntu at 15-89:~$ ps faxw|grep -E "(krb5kdc|kadmind)"|grep -v grep
ubuntu at 15-89:~$

And we have the expected failure in auth.log:
ubuntu at 15-89:~$ sudo grep -E "(kadmind|krb5kdc).*Failed" /var/log/auth.log
May 15 13:23:40 15-89 kadmind[1195]: Failed setting up a UDP socket (for ::.464)
May 15 13:23:40 15-89 krb5kdc[1196]: Failed setting up a UDP socket (for ::.750)
May 15 13:24:34 15-89 sudo:   ubuntu : TTY=pts/0 ; PWD=/home/ubuntu ; USER=root ; COMMAND=/bin/grep -E (kadmind|krb5kdc).*Failed /var/log/auth.log


Now we install the fixed packages from proposed:
ubuntu at 15-89:~$ apt-cache policy krb5-kdc
krb5-kdc:
  Installed: 1.15-1ubuntu0.1
  Candidate: 1.15-1ubuntu0.1
  Version table:
 *** 1.15-1ubuntu0.1 500
        500 http://br.archive.ubuntu.com/ubuntu zesty-proposed/universe amd64 Packages
        100 /var/lib/dpkg/status
     1.15-1 500
        500 http://br.archive.ubuntu.com/ubuntu zesty/universe amd64 Packages

Immediately after that the services are running already:
ubuntu at 15-89:~$ ps faxw|grep -E "(krb5kdc|kadmind)"|grep -v grep
 2377 ?        Ss     0:00 /usr/sbin/krb5kdc -P /var/run/krb5-kdc.pid
 2443 ?        Ss     0:00 /usr/sbin/kadmind -nofork


We still have errors in auth.log, but they are not fatal:
May 15 13:26:49 15-89 kadmind[2443]: Address family not supported by protocol - Cannot create TCP server socket on ::.464
May 15 13:26:49 15-89 kadmind[2443]: Failed setting up a UDP socket (for ::.464)

And we are bound to IPv4 sockets only as expected:
ubuntu at 15-89:~$ sudo netstat -anp|grep -E "^(tcp|udp).*(krb5kdc|kadmind)"
tcp        0      0 0.0.0.0:88              0.0.0.0:*               LISTEN      2377/krb5kdc        
tcp        0      0 0.0.0.0:749             0.0.0.0:*               LISTEN      2443/kadmind        
tcp        0      0 0.0.0.0:464             0.0.0.0:*               LISTEN      2443/kadmind        
udp        0      0 0.0.0.0:88              0.0.0.0:*                           2377/krb5kdc        
udp        0      0 0.0.0.0:464             0.0.0.0:*                           2443/kadmind        
udp        0      0 0.0.0.0:750             0.0.0.0:*                           2377/krb5kdc       


** Tags removed: verification-needed
** Tags added: verification-done-zesty

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to krb5 in Ubuntu.
https://bugs.launchpad.net/bugs/1688310

Title:
  KDC/kadmind may fail to start on IPv4-only systems

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/krb5/+bug/1688310/+subscriptions



More information about the Ubuntu-server-bugs mailing list