[Bug 1688310] Re: KDC/kadmind may fail to start on IPv4-only systems
Andreas Hasenack
andreas at canonical.com
Mon May 15 13:31:22 UTC 2017
Reproducing the problem with 1.15-1:
ubuntu at 15-89:~$ apt-cache policy krb5-kdc
krb5-kdc:
Installed: 1.15-1
Candidate: 1.15-1
Version table:
*** 1.15-1 500
500 http://br.archive.ubuntu.com/ubuntu zesty/universe amd64 Packages
100 /var/lib/dpkg/status
After rebooting with no IPv6 support, the kerberos services are not running:
ubuntu at 15-89:~$ ps faxw|grep -E "(krb5kdc|kadmind)"|grep -v grep
ubuntu at 15-89:~$
And we have the expected failure in auth.log:
ubuntu at 15-89:~$ sudo grep -E "(kadmind|krb5kdc).*Failed" /var/log/auth.log
May 15 13:23:40 15-89 kadmind[1195]: Failed setting up a UDP socket (for ::.464)
May 15 13:23:40 15-89 krb5kdc[1196]: Failed setting up a UDP socket (for ::.750)
May 15 13:24:34 15-89 sudo: ubuntu : TTY=pts/0 ; PWD=/home/ubuntu ; USER=root ; COMMAND=/bin/grep -E (kadmind|krb5kdc).*Failed /var/log/auth.log
Now we install the fixed packages from proposed:
ubuntu at 15-89:~$ apt-cache policy krb5-kdc
krb5-kdc:
Installed: 1.15-1ubuntu0.1
Candidate: 1.15-1ubuntu0.1
Version table:
*** 1.15-1ubuntu0.1 500
500 http://br.archive.ubuntu.com/ubuntu zesty-proposed/universe amd64 Packages
100 /var/lib/dpkg/status
1.15-1 500
500 http://br.archive.ubuntu.com/ubuntu zesty/universe amd64 Packages
Immediately after that the services are running already:
ubuntu at 15-89:~$ ps faxw|grep -E "(krb5kdc|kadmind)"|grep -v grep
2377 ? Ss 0:00 /usr/sbin/krb5kdc -P /var/run/krb5-kdc.pid
2443 ? Ss 0:00 /usr/sbin/kadmind -nofork
We still have errors in auth.log, but they are not fatal:
May 15 13:26:49 15-89 kadmind[2443]: Address family not supported by protocol - Cannot create TCP server socket on ::.464
May 15 13:26:49 15-89 kadmind[2443]: Failed setting up a UDP socket (for ::.464)
And we are bound to IPv4 sockets only as expected:
ubuntu at 15-89:~$ sudo netstat -anp|grep -E "^(tcp|udp).*(krb5kdc|kadmind)"
tcp 0 0 0.0.0.0:88 0.0.0.0:* LISTEN 2377/krb5kdc
tcp 0 0 0.0.0.0:749 0.0.0.0:* LISTEN 2443/kadmind
tcp 0 0 0.0.0.0:464 0.0.0.0:* LISTEN 2443/kadmind
udp 0 0 0.0.0.0:88 0.0.0.0:* 2377/krb5kdc
udp 0 0 0.0.0.0:464 0.0.0.0:* 2443/kadmind
udp 0 0 0.0.0.0:750 0.0.0.0:* 2377/krb5kdc
** Tags removed: verification-needed
** Tags added: verification-done-zesty
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to krb5 in Ubuntu.
https://bugs.launchpad.net/bugs/1688310
Title:
KDC/kadmind may fail to start on IPv4-only systems
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/krb5/+bug/1688310/+subscriptions
More information about the Ubuntu-server-bugs
mailing list