f



"Stored master key is corrupted while initializing kadmin.local interface"

Howdy folks,

I'm running an MIT KDC for two small realms (a few dozen principals
each) on FreeBSD 4-STABLE for i386. I haven't tried to manipulate any
principals via the kadmin interface ia a while (probably two weeks), and
when I tried it recently I ran across an unusual problem: kadmind wasn't
running.

Thinking that that was unusual, but not a bit deal, I attempted to fire
up kadmind:

# /usr/local/krb5/sbin/kadmind -r SEEKINGFIRE.PRV
kadmind: Stored master key is corrupted while initializing, aborting

Oh, that's not good. So I tried via via kadmin.local (which should give
the same result, I know):

# /usr/local/krb5/sbin/kadmin.local
Authenticating as principal tillman/admin@SEEKINGFIRE.PRV with password.
kadmin.local: Stored master key is corrupted while initializing
kadmin.local interface

That's definitely not working. krb5kdc is running and working fine, but
without kadmin I'm probably headed for trouble :-)

So I thought I'd try my other realm. I skipped the kadmind and went
straight to kadmin.local:

# /usr/local/krb5/sbin/kadmin.local -r ROSPA.CA
Authenticating as principal tillman/admin@SEEKINGFIRE.PRV with password.
kadmin.local: Stored master key is corrupted while initializing
kadmin.local interface

Note that this realm is on the same server, but has it's own directory
and it's own stashed master key (.k5.ROSPA.CA versus
..k5.SEEKINGFIRE.PRV).

I have multiple copies of both on-line and tape backups of the stashed
master key ... and the md5sum on all of them agree with each other (and
the "real" version!). Both the tape and on-line backups have versions
ancient enough that they predate this problem by months.

Any ideas as to what might be causing this or how I might go about
trouble shooting it?

-T



Background information:

[root@pluto sbin]# uname -a
FreeBSD pluto.seekingfire.prv 4.9-RC FreeBSD 4.9-RC #0: Tue Sep 30 23:40:54 CST 2003 toor@athena.seekingfire.prv:/usr/obj/usr/src/sys/PLUTO  i386

[root@pluto sbin]# portversion -v | grep krb5
krb5-1.3.1                  =  up-to-date with port

(I upgraded from 1.2.x semi-recently - I suspect the upgrade may be part
 of the problem, though I cna't justify that feeling empirically.)


-- 
"The real question is not whether machines think but whether men do."
	- B. F. Skinner, _Contingencies of Reinforcement_
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos

0
10/27/2003 5:50:23 PM
comp.protocols.kerberos 5541 articles. 1 followers. jwinius (31) is leader. Post Follow

2 Replies
465 Views

Similar Articles

[PageSpeed] 34

Did you upgrade from 1.2.x to 1.3.1 between now and when things
stopped working?  If so, the default master key enctype for 1.3.1 is
different from the enctype for 1.2.x.  So you may need to explicitly
specify the master key enctype in your kdc.conf if you have an old
realm.


________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos

0
hartmans (370)
10/27/2003 7:24:11 PM
On Mon, Oct 27, 2003 at 01:25:20PM -0500, Sam Hartman wrote:
> Did you upgrade from 1.2.x to 1.3.1 between now and when things
> stopped working?  If so, the default master key enctype for 1.3.1 is
> different from the enctype for 1.2.x.  So you may need to explicitly
> specify the master key enctype in your kdc.conf if you have an old
> realm.

It's entirely possible and quite likely, though I don't know for sure as
I only discovered the problem yesterday.

Would you point me to a URL to an archived post or a "heads-up"
announcement that I could take a look at for the kdc.conf changes? From
the man page I'm guessing that the tag I want is 'master_key_type' and
that it goes in the '[realms]' section, but I don't know what the old or new
types are.

Thanks,

-T


-- 
Laws to suppress tend to strengthen what they would prohibit.  This is the fine 
point on which all the legal professions of history have based their job 
security.
	- Bene Gesserit Coda
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos

0
10/27/2003 7:54:41 PM
Reply:

Similar Artilces:

Kadmin error: "kadmin: GSS-API (or Kerberos) error while initializing kadmin interface"
Hi There, I'm setting up a test kerberos/afs realm and I'm having a problem with kadmin. kadmin and kadmin.local run fine from the kdc, but kadmin gives the folloowing error when run from another machine: kadmin: GSS-API (or Kerberos) error while initializing kadmin interface The krbadm log shows no output, but kadmin.log on the kdc shows the following: Oct 11 23:15:02 kdc1 kadmind[3821](Notice): Request: kadm5_init, coeadmin/admin@MYREALM.COM, success, client=coeadmin/admin@MYREALM.COM, service=kadmin/admin@MYREALM.COM, addr=x.x.x.191, flavor=300001 I can kinit and everything else from the client, I just can't run kadmin. both client and server are RHEL4 with MIT krb5-1.5.1. compiled from source. I get the same error using RedHat's kadmin and the source-compiled one. kdc1 is the server and as1 is the client # on kdc kadmin: listprincs K/M@MYREALM.COM coeadmin/admin@MYREALM.COM host/as1.myrealm.com@MYREALM.COM host/kdc1.myrealm.com@MYREALM.COM kadmin/admin@MYREALM.COM kadmin/kdc1.myrealm.com@MYREALM.COM kadmin/changepw@MYREALM.COM kadmin/history@MYREALM.COM krbtgt/MYREALM.COM@MYREALM.COM I had fixed a previous error about not having kadmin/kdc.myrealm.com in the DB by adding the service principal. Now I have no errors in any of the logs, just an error on the console when I run kadmin What am I missing? Jason Edgecombe Solaris & Linux Administrator Mosaic Computing Group, College of Engineering UNC-Charlotte Phone: (704) 687-3514 ______________...

kadmin and other errors: "Master key does not match database while initializing ..."
My Kadmin daemon will no longer start. It gives me: [root@kdc3 root]# /etc/init.d/kadmin start Starting Kerberos 5 Admin Server: kadmind: Master key does not match database while initializing, aborting I get a similar error when I do "krb5_util dump file.dump". From the Kerberos FAQ it sounds like a problem with my kerberos database but I didn't find any references on how to fix it. Can someone point me in the right direction? This is Fedora Core 1. Let me know what other relevant information might provide useful. Thanks Austin ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos >>>>> "godber" == Austin Godber <godber@mars.asu.edu> writes: godber> My Kadmin daemon will no longer start. It gives me: godber> [root@kdc3 root]# /etc/init.d/kadmin start godber> Starting Kerberos 5 Admin Server: kadmind: Master key does not match godber> database while initializing, aborting godber> I get a similar error when I do "krb5_util dump file.dump". godber> From the Kerberos FAQ it sounds like a problem with my kerberos godber> database but I didn't find any references on how to fix it. Can godber> someone point me in the right direction? godber> This is Fedora Core 1. Let me know what other relevant information godber> might provide useful. This is not really enough information to f...

Migrating database between architectures: "Stored master key is corrupted"
Howdy, I'm attempting to move an MIT krb5 database from an older Intel (32-bit x86) machine running FreeBSD -current and krb5-1.3.4 to a SparcStation 10 (32-bit Sparc) running NetBSD -current mit-krb5-1.3.4nb1. I believe that everything is working as far as the infrastructure is concerned (boot scripts, etc), but I'm unable to start the kdc daemon on the sparc: [root@surya /var/krb5kdc]# cat /var/log/krb5kdc.log krb5kdc: Stored master key is corrupted - while fetching master key K/M for realm (blah ...) I've scp'ed the master key across, and md5'ed it to confirm that it arrived undamaged. It looks fine. Is there a chance that the problem is with endianness? Assuming that it is, is there a way to convert the stashed master key? TIA for your time and assistance, - Tillman -- Page 38: Be sure that, in the excitement of creating a totally rad password, you resist the temptation to tell someone just to show off how smart you are. - Harley Hahn, _The Unix Companion_ ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos The stash file is byte order dependent. This is painfully stupid, but none the less true. If you know your master passwerd you can run kdb5_util stash again. If not, you can swap around the bytes of the key length in your favorite binary file editor. ________________________________________________ Kerberos mailing list Kerbero...

"""""""""ADD ME""""""""""
Hi , Hope you are doing great. Please let me take this opportunity to introduce myself, Iam Karthik working with BhanInfoi Inc, a NY based company. We have consultants on our bench on various technologies, my request is to add me to your distribution list and kindly do send me the requirements. i have the below list available 1. Mainframe 2. Java 3.. Financial Analyst 4. Data Architect If there is any vendor ship agreement which has to be signed then I would like to take an opportunity to represent my company and expect your cooperation... ...

Urgent Requirement in """""""""""""NEW YORK""""""""""""""""
Hello Partners, Please find the requirement below. Please send the updated resume along with rate and contact no. REQ#1: Title : Java Developer ( Rating Project) Duration : 6 months Rate : open Location : NY strong java, WebLogic 9.2, Web Services, Oracle REQ#2: Title : Java Developer Duration : 4 months Rate : open Location : NY Strong java, SQL REQ#3: Title : VB.Net Consultant Location : NY Duration : 4 months Rate : open Primarily looking at someone who has Excel, VB.net and Oracle (good to have). Req #4: Title : Java Developer (MSA Project) Duration : 6+ months Rate : open Location : NY Note : Please send your updated resume along with contact no karthik@bhaninfo.com : No phone calls please. Thanks & Regards Karthik BhanInfo karthik@bhaninfo.com ...

about "++" and "--"
why this program snippet display "8,7,7,8,-7,-8" the program is: main() { int i=8; printf("%d\n%d\n%d\n%d\n%d\n%d\n",++i,--i,i++,i--,-i++,-i--); } > why this program snippet display "8,7,7,8,-7,-8" Ask your compiler-vendor because this result is IMHO implementation-defined. Check this out: http://www.parashift.com/c++-faq-lite/misc-technical-issues.html#faq-39.15 http://www.parashift.com/c++-faq-lite/misc-technical-issues.html#faq-39.16 Regards, Irina Marudina fxc123@gmail.com wrote: > why this program snippet display "8,7,7,8,-7,-8&q...

why "::", not "."
Why does the method of modules use a dot, and the constants a double colon? e.g. Math::PI and Math.cos -- Posted via http://www.ruby-forum.com/. On Oct 26, 2010, at 01:48 , Oleg Igor wrote: > Why does the method of modules use a dot, and the constants a double > colon? > e.g. > Math::PI and Math.cos For the same reason why inner-classes/modules use double colon, because = they're constants and that's how you look up via constant namespace. Math::PI and ActiveRecord::Base are the same type of lookup... it is = just that Base is a module and PI is a float....

"or" and "and"
Hi, I'm just getting to discover ruby, but I find it very nice programming language. I just still don't understand how the "or" and "and" in ruby... I was playing with ruby and for example made a def to print Stem and Leaf plot (for those who didn't have a statistics course or slept on it, e.g. http://cnx.org/content/m10157/latest/) Here is the Beta version of it: class Array def n ; self.size ; end def stem_and_leaf(st = 1) # if st != (2 or 5 or 10) then ; st = 1 ; end k = Hash.new(0) self.each {|x| k[x.to_f] += 1 } k = k.sort{|a, b| a[0].to_f <=&g...

"If then; if then;" and "If then; if;"
I have a raw data set which is a hierarchical file: H 321 s. main st P Mary E 21 F P william m 23 M P Susan K 3 F H 324 S. Main St I use the folowing code to read the data to creat one observation per detail(P) record including hearder record(H): data test; infile 'C:\Documents and Settings\retain.txt'; retain Address; input type $1. @; if type='H' then input @3 Address $12.; if type='P' then input @3 Name $10. @13 Age 3. @16 Gender $1.; run; but the output is not what I want: 1 321 s. main H 2 321 s. main P Mary E 21 F 3 321 s...

"my" and "our"
Hi, while testing a program, I erroneously declared the same variable twice within a block, the first time with "my", the second time with "our": { my $fz = 'VTX_Link'; .... ( around 200 lines of code, all in the same block) our $fz = 'VTX_Linkset'; ... } So the initial contents of the $fz declared with "my" is lost, because "our" creates a lexical alias for the global $fz, thus overwriting the previous "my" declaration. It was my error, no question. But I wonder why Perl doesn't mention this - even with "use s...

"out" and "in out"
Hi i found the following explaination: In Ada, "in" parameters are similar to C++ const parameters. They are effectively read-only within the scope of the called subprogram. Ada "in out" parameters have a reliable initial value (that passed in from the calling subprogram) and may be modified within the scope of the called procedure. Ada "out" parameters have no reliable initial value, but are expected to be assigned a value within the called procedure. What does "have no reliable initial value" mean when considering the "out" parameter? By c...

"/a" is not "/a" ?
Hi everybody, while testing a module today I stumbled on something that I can work around but I don't quite understand. >>> a = "a" >>> b = "a" >>> a == b True >>> a is b True >>> c = "/a" >>> d = "/a" >>> c == d True # all good so far >>> c is d False # eeeeek! Why c and d point to two different objects with an identical string content rather than the same object? Manu Emanuele D'Arrigo wrote: >>>> c = "/a" >>>&...

"In" "Out" and "Trash"
I just bought a new computer and I re-installed Eudora Light on my new computer. But when I open Eudora, the "In", "Out" and "Trash" links are not on the left side of the screen the way they were on my old computer. How can I get these links back on the left side of the screen? Thank you. On 25 Mar 2007 09:49:22 -0700, "abx" <abfunex@yahoo.com> wrote: >I just bought a new computer and I re-installed Eudora Light on my new >computer. But when I open Eudora, the "In", "Out" and "Trash" links >are ...

Does it need a ";" at the very after of "if" and "for"
write code like: int main(void) { int a=10; if(a<20) {} } Compiler ok on dev-cpp . don't we have to add a ";" after if statement? marsarden said: > write code like: > > int main(void) > { > int a=10; > if(a<20) > {} > } > > Compiler ok on dev-cpp . don't we have to add a ";" after if > statement? The syntax for 'if' is: if(expression) statement There is no semicolon after the ) but before the statement. The statement is either a normal statement (which can be empty), ending in a semicolon:- if(expr) ...

A problem about "[ ]" "( )" "="
I want to read several images saved in a director,and give them to I1,I2 ,I3....,using the following codes: filelist=dir(['c:\MATLAB701\work\...\*.jpg']); for i=1 :length(filelist) I=imread(fullfile('c:\MATLAB701\work\...',filelist(i).name)); end; but failed. Then I used I(i)=imread... ,still failed. How could I do? "John" <mailofww@126.com> wrote in message news:ef19e12.-1@webx.raydaftYaTP... >I want to read several images saved in a director,and give them to > I1,I2 ,I3....,using the following codes: > filelist=dir(['c:\MATLAB701\work\.....

"value" to find a "key"
Is there such a "Map" in java I can easily trace the key by its value, assuming the values are also unique ? John, John wrote: > > Is there such a "Map" in java I can easily trace the key by its value, > assuming the values are also unique ? Not that I know of. You could always use two Maps, one for name-to-phone and the other for phone-to-name. If you happen to know *for certain* that names and numbers are never alike, you could use a single Map and enter each item twice, once as name-and-phone and once as phone-and-name. -- Eric.Sosman@sun.com ...

"IX" as shorthand for "Interface"
I'm writing a bunch of classes that have "Interface" in the name and find that the length of the subsequent names is starting to get in the way of readability (I don't really care about saving keystrokes). Is "IX" conventional enough to use in place of "Interface" in a class name? Thanks! -eric Eric Snow <ericsnowcurrently@gmail.com> writes: > I'm writing a bunch of classes that have "Interface" in the name and > find that the length of the subsequent names is starting to get in the > way of readability (I don't really...

interface "Matlab" with "Ansys" ??
Did any body know how to interface "Matlab" with "Ansys" ?? I am having matlab optimization code. but,how to interface it with ANSYS I don't no. pl,guide me to solve my problem . with regards Sampath Kumar L Mob :- 9591488258 "Sampath Kumar" <samathkmr.ln@gmail.com> wrote in message <ilkgbg$i5v$1@fred.mathworks.com>... > Did any body know how to interface "Matlab" with "Ansys" ?? I am having matlab optimization code. but,how to interface it with ANSYS I don't no. pl,guide me to solve my problem . > > with regard...

"CS" or "Master and Slave"?
My eMachine 1860, running WXP, has been flakey on boot for a year now; once it is on it is fine, but it hands on boot about 20% of the time. Monday it simply wouldn't come up, hanging on "IOM.SYS" everytime. I took it in to the shop. They found a cable was nicked and the jumpers were wrong. They set them to Master and Slave. Now all is well. However, I checked the manual and it says to set the jumpers to "CS". The shop says the manual is wrong. Does it matter as long as the machine is working? Presumably the nicked cable was the problem the whole time...

Re: "NullPointerException" from "initialize()"
Hi Boldoo, I see no apparent reason why you would get a NullPointerException. Perhaps the cause of the exception is further down the stack trace? Do you have a complete test case? It is a little odd that you are sending data during initialize() though. Can you use the regular Ptolemy Parameter facility? Ptolemy II 6.0.2 includes Publish and Subscribe actors which might help you here. _Christopher -------- Hi hackers, I'm trying to make an (composite) actor that contains a variable "nextEventNode". This variable must get its initial...

Urgent JAVA Requirement in """"""NEW YORK"""""""""
Hello Partners, How are you ? Please find the requirement below. Location : NY Duration : 8 mnths Rate :Open Job description: Java/J2EE Web Service Developer =B7 (4+ years of application development experience in Java/J2EE and Web service technologies. =B7 Experience with spring & Hibernate. =B7 Experience with J2EE Application Server (preferably Web logic). =B7 Preferable Aqua logic DSP Experience =B7 Preferable Sonic ESB Composite Service experience Experience w...

Protocol specific error code(s): "*", "*", "0".
I am using the ibm_db2 PECL drive in PHP for connecting to or DB2 database. I created a persistent connection and things seemed to work fine at first. However, after a few tests / connections, I started to get this error when running through my queries: [IBM][CLI Driver] SQL30081N A communication error has been detected. Communication protocol being used: "TCP/IP". Communication API being used: "SOCKETS". Location where the error was detected: "10.26.243.61". Communication function detecting the error: "recv". Protocol specific error code(s): "*", "*", "0". SQLSTATE=08001 SQLCODE=-30081 Any help would be great, thanks! On Feb 13, 8:44 am, "Brent Halsey" <brent.hal...@gmail.com> wrote: > I am using the ibm_db2 PECL drive in PHP for connecting to or DB2 > database. I created a persistent connection and things seemed to work > fine at first. However, after a few tests / connections, I started to > get this error when running through my queries: [IBM][CLI Driver] > SQL30081N A communication error has been detected. Communication > protocol being used: "TCP/IP". Communication API being used: > "SOCKETS". Location where the error was detected: "10.26.243.61". > Communication function detecting the error: "recv". Protocol specific > error code(s): "*", "*", "0". SQLSTATE=0800...

Question about "sprintf" "@" "do for"
Hello, this works: A1=3D1 A2=3D2 A3=3D3 i=3D1 vari=3Dsprintf("A%.f",i) print vari,"=3D",@vari i=3Di+1 vari=3Dsprintf("A%.f",i) print vari,"=3D",@vari i=3Di+1 vari=3Dsprintf("A%.f",i) print vari,"=3D",@vari do for [i=3D1:3]{ vari=3Dsprintf("A%.f",i) print vari } But I want to have "print vari,"=3D",@vari" in the loop. But it dosen't=20 work. Why can't I use "print vari,"=3D",@vari" in the loop? Is there a=20 solution for? J=C3=B6rg Jörg ...

Gary Sokolich """"""
"""""""""" http://www.manta.com/c/mmlq5dm/w-gary-sokolich W Gary Sokolich 801 Kings Road Newport Beach, CA 92663-5715 (949) 650-5379 http://www.tbpe.state.tx.us/da/da022808.htm TEXAS BOARD OF PROFESSIONAL ENGINEERS February 28, 2008 Board Meeting Disciplinary Actions W. Gary Sokolich , Newport Beach, California �V File B-29812 - It was alleged that Dr. Sokolich unlawfully offered or attempted to practice engineering in Texas (...) Dr. Sokolich chose to end the proceedings by signing a Consent Order that was accepted by ...

Web resources about - "Stored master key is corrupted while initializing kadmin.local interface" - comp.protocols.kerberos

Resources last updated: 3/10/2016 11:18:13 PM