f



Migrating database between architectures: "Stored master key is corrupted"

Howdy,

I'm attempting to move an MIT krb5 database from an older Intel
(32-bit x86) machine running FreeBSD -current and krb5-1.3.4 to a
SparcStation 10 (32-bit Sparc) running NetBSD -current
mit-krb5-1.3.4nb1.

I believe that everything is working as far as the infrastructure is
concerned (boot scripts, etc), but I'm unable to start the kdc daemon on
the sparc:

[root@surya /var/krb5kdc]# cat /var/log/krb5kdc.log
krb5kdc: Stored master key is corrupted - while fetching master key K/M for realm (blah ...)

I've scp'ed the master key across, and md5'ed it to confirm that it
arrived undamaged. It looks fine.

Is there a chance that the problem is with endianness? Assuming that it
is, is there a way to convert the stashed master key?

TIA for your time and assistance,

- Tillman


-- 
Page 38: Be sure that, in the excitement of creating a totally rad
password, you resist the temptation to tell someone just to show off how
smart you are.
	- Harley Hahn, _The Unix Companion_
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos

0
8/26/2004 8:36:23 PM
comp.protocols.kerberos 5541 articles. 1 followers. jwinius (31) is leader. Post Follow

4 Replies
535 Views

Similar Articles

[PageSpeed] 26

The stash file is byte order dependent.  This is painfully stupid, but
none the less true.

If you know your master passwerd you can run kdb5_util stash again.  

If not, you can swap around the bytes of the key length in your
favorite binary file editor.
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos

0
hartmans (370)
8/26/2004 8:50:33 PM
On Thu, Aug 26, 2004 at 04:34:00PM -0400, Sam Hartman wrote:
> The stash file is byte order dependent.  This is painfully stupid, but
> none the less true.

At least it's fairly obvious -- my first guess as to the cause was
actually right ;-)

> If you know your master passwerd you can run kdb5_util stash again.  

Hmmm. That solves the problem for /one/ of the realms ...

> If not, you can swap around the bytes of the key length in your
> favorite binary file editor.

For anyone else digging through the archives (Hello groups.google.com!),
it's bytes 3 through 6. Change CDAB to ABCD (metaphorically speaking)
using something like `vim -b`. Additionally, I had to swap bytes 1 and
2 (the keytype). More details in src/lib/kdb/fetch_mkey.c.

I haven't done any real testing of it, but krb5kdc starts without errors
now.

Thanks,

-T


-- 
When you ask a question, do you truly want to know the answer, or are you 
merely flaunting your power?
	- Dmitri Harkonnen, Notes to My Sons
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos

0
8/26/2004 9:58:54 PM
On Thu, Aug 26, 2004 at 03:44:30PM -0600, Tillman Hodgson wrote:
> On Thu, Aug 26, 2004 at 04:34:00PM -0400, Sam Hartman wrote:
> > If not, you can swap around the bytes of the key length in your
> > favorite binary file editor.
> 
> For anyone else digging through the archives (Hello groups.google.com!),
> it's bytes 3 through 6. Change CDAB to ABCD (metaphorically speaking)
> using something like `vim -b`. Additionally, I had to swap bytes 1 and
> 2 (the keytype). More details in src/lib/kdb/fetch_mkey.c.
> 
> I haven't done any real testing of it, but krb5kdc starts without errors
> now.

However, kadmind doesn't seem to want to start. The log file contains
only:

 Aug 26 16:32:34 surya.seekingfire.prv kadmind[6458](info): Seeding random number generator

I never get a line like the following from the original KDC:

 Aug 19 22:26:17 pluto.seekingfire.prv kadmind[138](info): starting

And the RCng script just seems to hang with:

 # /etc/rc.d/mit-kadmin start
 Starting kadmind.

kadmind is running, but not consuming any real CPU time:

 root 14031  0.0  1.0   96  1240 p0 I+    4:37PM  0:00.14 /usr/pkg/sbin/kadmind

While it's running, it doesn't appear to be finished it's startup. If I
kadmin to it I get:

 kadmin: Communication failure with server while initializing kadmin interface

Google is failing me for this. Where should I be looking for this sort
of problem?

Thanks,

-T


-- 
A: Because it reverses the logical flow of conversation.
Q: Why is putting a reply at the top of the message frowned upon?
A: Top-posting.
Q: What is the most annoying thing on usenet and in e-mail?
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos

0
8/26/2004 11:09:37 PM
On Thu, Aug 26, 2004 at 04:53:28PM -0600, Tillman Hodgson wrote:
> However, kadmind doesn't seem to want to start. The log file contains
> only:
> 
>  Aug 26 16:32:34 surya.seekingfire.prv kadmind[6458](info): Seeding random number generator

My mistake. NetBSD on a machine with no real activity rapidly runs out
of entrophy. I ran `rndctl -c -t net && rndctl -e -t net` in order to
enable deriving entrophy from the network and it was able to start
(though it's still a noticable multiple-second delay).

-T


-- 
"And 1.1.81 is officially BugFree(tm), so if you receive any bug-reports on
 it, you know they are just evil lies."
    -- Linus Torvalds
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos

0
8/27/2004 6:31:38 PM
Reply:

Similar Artilces:

"Stored master key is corrupted while initializing kadmin.local interface"
Howdy folks, I'm running an MIT KDC for two small realms (a few dozen principals each) on FreeBSD 4-STABLE for i386. I haven't tried to manipulate any principals via the kadmin interface ia a while (probably two weeks), and when I tried it recently I ran across an unusual problem: kadmind wasn't running. Thinking that that was unusual, but not a bit deal, I attempted to fire up kadmind: # /usr/local/krb5/sbin/kadmind -r SEEKINGFIRE.PRV kadmind: Stored master key is corrupted while initializing, aborting Oh, that's not good. So I tried via via kadmin.local (which should give the same result, I know): # /usr/local/krb5/sbin/kadmin.local Authenticating as principal tillman/admin@SEEKINGFIRE.PRV with password. kadmin.local: Stored master key is corrupted while initializing kadmin.local interface That's definitely not working. krb5kdc is running and working fine, but without kadmin I'm probably headed for trouble :-) So I thought I'd try my other realm. I skipped the kadmind and went straight to kadmin.local: # /usr/local/krb5/sbin/kadmin.local -r ROSPA.CA Authenticating as principal tillman/admin@SEEKINGFIRE.PRV with password. kadmin.local: Stored master key is corrupted while initializing kadmin.local interface Note that this realm is on the same server, but has it's own directory and it's own stashed master key (.k5.ROSPA.CA versus ..k5.SEEKINGFIRE.PRV). I have multiple copies of both on-line and tape backups of the stashed master k...

"""""""""ADD ME""""""""""
Hi , Hope you are doing great. Please let me take this opportunity to introduce myself, Iam Karthik working with BhanInfoi Inc, a NY based company. We have consultants on our bench on various technologies, my request is to add me to your distribution list and kindly do send me the requirements. i have the below list available 1. Mainframe 2. Java 3.. Financial Analyst 4. Data Architect If there is any vendor ship agreement which has to be signed then I would like to take an opportunity to represent my company and expect your cooperation... ...

Urgent Requirement in """""""""""""NEW YORK""""""""""""""""
Hello Partners, Please find the requirement below. Please send the updated resume along with rate and contact no. REQ#1: Title : Java Developer ( Rating Project) Duration : 6 months Rate : open Location : NY strong java, WebLogic 9.2, Web Services, Oracle REQ#2: Title : Java Developer Duration : 4 months Rate : open Location : NY Strong java, SQL REQ#3: Title : VB.Net Consultant Location : NY Duration : 4 months Rate : open Primarily looking at someone who has Excel, VB.net and Oracle (good to have). Req #4: Title : Java Developer (MSA Project) Duration : 6+ months Rate : open Location : NY Note : Please send your updated resume along with contact no karthik@bhaninfo.com : No phone calls please. Thanks & Regards Karthik BhanInfo karthik@bhaninfo.com ...

"/a" is not "/a" ?
Hi everybody, while testing a module today I stumbled on something that I can work around but I don't quite understand. >>> a = "a" >>> b = "a" >>> a == b True >>> a is b True >>> c = "/a" >>> d = "/a" >>> c == d True # all good so far >>> c is d False # eeeeek! Why c and d point to two different objects with an identical string content rather than the same object? Manu Emanuele D'Arrigo wrote: >>>> c = "/a" >>>&...

"my" and "our"
Hi, while testing a program, I erroneously declared the same variable twice within a block, the first time with "my", the second time with "our": { my $fz = 'VTX_Link'; .... ( around 200 lines of code, all in the same block) our $fz = 'VTX_Linkset'; ... } So the initial contents of the $fz declared with "my" is lost, because "our" creates a lexical alias for the global $fz, thus overwriting the previous "my" declaration. It was my error, no question. But I wonder why Perl doesn't mention this - even with "use s...

about "++" and "--"
why this program snippet display "8,7,7,8,-7,-8" the program is: main() { int i=8; printf("%d\n%d\n%d\n%d\n%d\n%d\n",++i,--i,i++,i--,-i++,-i--); } > why this program snippet display "8,7,7,8,-7,-8" Ask your compiler-vendor because this result is IMHO implementation-defined. Check this out: http://www.parashift.com/c++-faq-lite/misc-technical-issues.html#faq-39.15 http://www.parashift.com/c++-faq-lite/misc-technical-issues.html#faq-39.16 Regards, Irina Marudina fxc123@gmail.com wrote: > why this program snippet display "8,7,7,8,-7,-8&q...

"or" and "and"
Hi, I'm just getting to discover ruby, but I find it very nice programming language. I just still don't understand how the "or" and "and" in ruby... I was playing with ruby and for example made a def to print Stem and Leaf plot (for those who didn't have a statistics course or slept on it, e.g. http://cnx.org/content/m10157/latest/) Here is the Beta version of it: class Array def n ; self.size ; end def stem_and_leaf(st = 1) # if st != (2 or 5 or 10) then ; st = 1 ; end k = Hash.new(0) self.each {|x| k[x.to_f] += 1 } k = k.sort{|a, b| a[0].to_f <=&g...

"If then; if then;" and "If then; if;"
I have a raw data set which is a hierarchical file: H 321 s. main st P Mary E 21 F P william m 23 M P Susan K 3 F H 324 S. Main St I use the folowing code to read the data to creat one observation per detail(P) record including hearder record(H): data test; infile 'C:\Documents and Settings\retain.txt'; retain Address; input type $1. @; if type='H' then input @3 Address $12.; if type='P' then input @3 Name $10. @13 Age 3. @16 Gender $1.; run; but the output is not what I want: 1 321 s. main H 2 321 s. main P Mary E 21 F 3 321 s...

"out" and "in out"
Hi i found the following explaination: In Ada, "in" parameters are similar to C++ const parameters. They are effectively read-only within the scope of the called subprogram. Ada "in out" parameters have a reliable initial value (that passed in from the calling subprogram) and may be modified within the scope of the called procedure. Ada "out" parameters have no reliable initial value, but are expected to be assigned a value within the called procedure. What does "have no reliable initial value" mean when considering the "out" parameter? By c...

why "::", not "."
Why does the method of modules use a dot, and the constants a double colon? e.g. Math::PI and Math.cos -- Posted via http://www.ruby-forum.com/. On Oct 26, 2010, at 01:48 , Oleg Igor wrote: > Why does the method of modules use a dot, and the constants a double > colon? > e.g. > Math::PI and Math.cos For the same reason why inner-classes/modules use double colon, because = they're constants and that's how you look up via constant namespace. Math::PI and ActiveRecord::Base are the same type of lookup... it is = just that Base is a module and PI is a float....

A problem about "[ ]" "( )" "="
I want to read several images saved in a director,and give them to I1,I2 ,I3....,using the following codes: filelist=dir(['c:\MATLAB701\work\...\*.jpg']); for i=1 :length(filelist) I=imread(fullfile('c:\MATLAB701\work\...',filelist(i).name)); end; but failed. Then I used I(i)=imread... ,still failed. How could I do? "John" <mailofww@126.com> wrote in message news:ef19e12.-1@webx.raydaftYaTP... >I want to read several images saved in a director,and give them to > I1,I2 ,I3....,using the following codes: > filelist=dir(['c:\MATLAB701\work\.....

"In" "Out" and "Trash"
I just bought a new computer and I re-installed Eudora Light on my new computer. But when I open Eudora, the "In", "Out" and "Trash" links are not on the left side of the screen the way they were on my old computer. How can I get these links back on the left side of the screen? Thank you. On 25 Mar 2007 09:49:22 -0700, "abx" <abfunex@yahoo.com> wrote: >I just bought a new computer and I re-installed Eudora Light on my new >computer. But when I open Eudora, the "In", "Out" and "Trash" links >are ...

Does it need a ";" at the very after of "if" and "for"
write code like: int main(void) { int a=10; if(a<20) {} } Compiler ok on dev-cpp . don't we have to add a ";" after if statement? marsarden said: > write code like: > > int main(void) > { > int a=10; > if(a<20) > {} > } > > Compiler ok on dev-cpp . don't we have to add a ";" after if > statement? The syntax for 'if' is: if(expression) statement There is no semicolon after the ) but before the statement. The statement is either a normal statement (which can be empty), ending in a semicolon:- if(expr) ...

Can I replicate database "foo" to database "bar"
Let's say that I have two servers, server M with database "foo" and server S with database "bar", with full control over them. Can I set up replication so that "foo" is replicated into "bar". (the issue is that I have many masters with the same database name foo, and I want to have one slave server with databases like foo-1, foo-2 etc, replicated from all those masters) i On 14 Aug, 22:55, Ignoramus32732 <ignoramus32...@NOSPAM.32732.invalid> wrote: > Let's say that I have two servers, server M with database "foo" and > se...

"CS" or "Master and Slave"?
My eMachine 1860, running WXP, has been flakey on boot for a year now; once it is on it is fine, but it hands on boot about 20% of the time. Monday it simply wouldn't come up, hanging on "IOM.SYS" everytime. I took it in to the shop. They found a cable was nicked and the jumpers were wrong. They set them to Master and Slave. Now all is well. However, I checked the manual and it says to set the jumpers to "CS". The shop says the manual is wrong. Does it matter as long as the machine is working? Presumably the nicked cable was the problem the whole time...

"value" to find a "key"
Is there such a "Map" in java I can easily trace the key by its value, assuming the values are also unique ? John, John wrote: > > Is there such a "Map" in java I can easily trace the key by its value, > assuming the values are also unique ? Not that I know of. You could always use two Maps, one for name-to-phone and the other for phone-to-name. If you happen to know *for certain* that names and numbers are never alike, you could use a single Map and enter each item twice, once as name-and-phone and once as phone-and-name. -- Eric.Sosman@sun.com ...

kadmin and other errors: "Master key does not match database while initializing ..."
My Kadmin daemon will no longer start. It gives me: [root@kdc3 root]# /etc/init.d/kadmin start Starting Kerberos 5 Admin Server: kadmind: Master key does not match database while initializing, aborting I get a similar error when I do "krb5_util dump file.dump". From the Kerberos FAQ it sounds like a problem with my kerberos database but I didn't find any references on how to fix it. Can someone point me in the right direction? This is Fedora Core 1. Let me know what other relevant information might provide useful. Thanks Austin ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos >>>>> "godber" == Austin Godber <godber@mars.asu.edu> writes: godber> My Kadmin daemon will no longer start. It gives me: godber> [root@kdc3 root]# /etc/init.d/kadmin start godber> Starting Kerberos 5 Admin Server: kadmind: Master key does not match godber> database while initializing, aborting godber> I get a similar error when I do "krb5_util dump file.dump". godber> From the Kerberos FAQ it sounds like a problem with my kerberos godber> database but I didn't find any references on how to fix it. Can godber> someone point me in the right direction? godber> This is Fedora Core 1. Let me know what other relevant information godber> might provide useful. This is not really enough information to f...

Urgent JAVA Requirement in """"""NEW YORK"""""""""
Hello Partners, How are you ? Please find the requirement below. Location : NY Duration : 8 mnths Rate :Open Job description: Java/J2EE Web Service Developer =B7 (4+ years of application development experience in Java/J2EE and Web service technologies. =B7 Experience with spring & Hibernate. =B7 Experience with J2EE Application Server (preferably Web logic). =B7 Preferable Aqua logic DSP Experience =B7 Preferable Sonic ESB Composite Service experience Experience w...

Protocol specific error code(s): "*", "*", "0".
I am using the ibm_db2 PECL drive in PHP for connecting to or DB2 database. I created a persistent connection and things seemed to work fine at first. However, after a few tests / connections, I started to get this error when running through my queries: [IBM][CLI Driver] SQL30081N A communication error has been detected. Communication protocol being used: "TCP/IP". Communication API being used: "SOCKETS". Location where the error was detected: "10.26.243.61". Communication function detecting the error: "recv". Protocol specific error code(s): "*", "*", "0". SQLSTATE=08001 SQLCODE=-30081 Any help would be great, thanks! On Feb 13, 8:44 am, "Brent Halsey" <brent.hal...@gmail.com> wrote: > I am using the ibm_db2 PECL drive in PHP for connecting to or DB2 > database. I created a persistent connection and things seemed to work > fine at first. However, after a few tests / connections, I started to > get this error when running through my queries: [IBM][CLI Driver] > SQL30081N A communication error has been detected. Communication > protocol being used: "TCP/IP". Communication API being used: > "SOCKETS". Location where the error was detected: "10.26.243.61". > Communication function detecting the error: "recv". Protocol specific > error code(s): "*", "*", "0". SQLSTATE=0800...

Subject: Help needed on "Server not found in Kerberos Database" while using "mod_auth_kerb+Apache"
Hi, My Kerberos Setup is as follows- Kerberos v5 Server- example.domain.com (Linux Box) Kerberos Realm- EXAMPLE.COM Registered User on Kerberos realm- test@EXAMPLE.COM Apache Server(with mod_auth_kerb) can be accessed as: http://apache.domain.com (Linux Box) Now I have added a principal name- HTTP/apache.domain.com@EXAMPLE.COM using the addprinc command. I have generated a keytab file for this principal (using ktadd) and then transferred it to the Apache Server(apache.domain.com). I have pointed to this keytab file in ..htaccess file. Now when I try to access APACHE.DOMAIN.COM:80 through a browser(IE) running on my desktop say CLIENT1.DOMAIN.COM, and give the proper user credentials...it doesnt authenticate. When I look this up in the Kerberos log file (krb5kdc.log) it gives the following messages...for the event- Jul 08 18:52:34 example.domain.com krb5kdc[9797](info): AS_REQ (6 etypes {18 16 23 1 3 2}) 192.168.200.27: ISSUE: authtime 1089292954, etypes {rep=16 tkt=16 ses=16}, test@EXAMPLE.COM for krbtgt/EXAMPLE.COM@EXAMPLE.COM Jul 08 18:52:34 example.domain.com krb5kdc[9797](info): TGS_REQ (6 etypes {18 16 23 1 3 2}) 192.168.200.27: UNKNOWN_SERVER: authtime 1089292954, test@EXAMPLE.COM for krbtgt/REALM1.COM@EXAMPLE.COM, Server not found in Kerberos database Jul 08 18:52:34 example.domain.com krb5kdc[9797](info): TGS_REQ (6 etypes {18 16 23 1 3 2}) 192.168.200.27: UNKNOWN_SERVER: authtime 1089292954, test@EXAMPLE.COM for krbtgt/COM@EXAMPLE.COM, Server not found i...

Question about "sprintf" "@" "do for"
Hello, this works: A1=3D1 A2=3D2 A3=3D3 i=3D1 vari=3Dsprintf("A%.f",i) print vari,"=3D",@vari i=3Di+1 vari=3Dsprintf("A%.f",i) print vari,"=3D",@vari i=3Di+1 vari=3Dsprintf("A%.f",i) print vari,"=3D",@vari do for [i=3D1:3]{ vari=3Dsprintf("A%.f",i) print vari } But I want to have "print vari,"=3D",@vari" in the loop. But it dosen't=20 work. Why can't I use "print vari,"=3D",@vari" in the loop? Is there a=20 solution for? J=C3=B6rg Jörg ...

Gary Sokolich """"""
"""""""""" http://www.manta.com/c/mmlq5dm/w-gary-sokolich W Gary Sokolich 801 Kings Road Newport Beach, CA 92663-5715 (949) 650-5379 http://www.tbpe.state.tx.us/da/da022808.htm TEXAS BOARD OF PROFESSIONAL ENGINEERS February 28, 2008 Board Meeting Disciplinary Actions W. Gary Sokolich , Newport Beach, California �V File B-29812 - It was alleged that Dr. Sokolich unlawfully offered or attempted to practice engineering in Texas (...) Dr. Sokolich chose to end the proceedings by signing a Consent Order that was accepted by ...

puts "\\".gsub("\\", "\\\\")
Hello, I have a mini-ruby quiz. Guess what this line of code writes to the console, then try it for yourself: puts "\\".gsub("\\", "\\\\") Why is that so? Martin From: martinus [mailto:martin.ankerl@gmail.com]=20 # Hello, I have a mini-ruby quiz. Guess what this line of code writes to # the console, then try it for yourself: # puts "\\".gsub("\\", "\\\\") puts "\\".gsub("\\", "\\\\") \ #=3D> nil # Why is that so? faq. escaping the escape in sub/gsub. search the archives. maybe you want somethin...

how use "home key" and "end key" in pine editor ?
I don't know the real name of those key in English but I'm sure you have understood: the both keys near "next page" and "previous page". I wish use them in the pine editor but it doesn't want! It says "Command not found". Thanks you, Joel ...

Web resources about - Migrating database between architectures: "Stored master key is corrupted" - comp.protocols.kerberos

Resources last updated: 3/10/2016 10:57:45 PM