Migrating database between architectures: "Stored master key is corrupted"

Howdy,

I'm attempting to move an MIT krb5 database from an older Intel
(32-bit x86) machine running FreeBSD -current and krb5-1.3.4 to a
SparcStation 10 (32-bit Sparc) running NetBSD -current
mit-krb5-1.3.4nb1.

I believe that everything is working as far as the infrastructure is
concerned (boot scripts, etc), but I'm unable to start the kdc daemon on
the sparc:

[root@surya /var/krb5kdc]# cat /var/log/krb5kdc.log
krb5kdc: Stored master key is corrupted - while fetching master key K/M for realm (blah ...)

I've scp'ed the master key across, and md5'ed it to confirm that it
arrived undamaged. It looks fine.

Is there a chance that the problem is with endianness? Assuming that it
is, is there a way to convert the stashed master key?

TIA for your time and assistance,

- Tillman


-- 
Page 38: Be sure that, in the excitement of creating a totally rad
password, you resist the temptation to tell someone just to show off how
smart you are.
	- Harley Hahn, _The Unix Companion_
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos

8/26/2004 8:36:23 PM
comp.protocols.kerberos

The stash file is byte order dependent.  This is painfully stupid, but
nonetheless true.

If you know your master password you can run kdb5_util stash again.

If not, you can swap around the bytes of the key length in your
favorite binary file editor.

hartmans (370)
8/26/2004 8:50:33 PM
On Thu, Aug 26, 2004 at 04:34:00PM -0400, Sam Hartman wrote:
> The stash file is byte order dependent.  This is painfully stupid, but
> nonetheless true.

At least it's fairly obvious -- my first guess as to the cause was
actually right ;-)

> If you know your master password you can run kdb5_util stash again.

Hmmm. That solves the problem for /one/ of the realms ...

> If not, you can swap around the bytes of the key length in your
> favorite binary file editor.

For anyone else digging through the archives (Hello groups.google.com!),
it's bytes 3 through 6. Change CDAB to ABCD (metaphorically speaking)
using something like `vim -b`. Additionally, I had to swap bytes 1 and
2 (the keytype). More details in src/lib/kdb/fetch_mkey.c.

I haven't done any real testing of it, but krb5kdc starts without errors
now.

Thanks,

-T


-- 
When you ask a question, do you truly want to know the answer, or are you 
merely flaunting your power?
	- Dmitri Harkonnen, Notes to My Sons

8/26/2004 9:58:54 PM
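The header swap described in the post above, as an added example that is not part of the original thread and is not MIT krb5 code. It assumes the krb5-1.3.4 stash layout as the thread gives it (bytes 1-2 keytype, bytes 3-6 key length) and, as a further assumption, that the key bytes run to the end of the file; all function names are hypothetical.

```python
import os
import struct

HEADER = "HI"  # bytes 1-2: keytype, bytes 3-6: key length (layout per the thread)
HEADER_LEN = 6

def parse_stash(data: bytes, order: str):
    """Parse a stash blob using struct byte order '<' (x86) or '>' (sparc)."""
    if len(data) < HEADER_LEN:
        raise ValueError("stash too short for its 6-byte header")
    keytype, keylen = struct.unpack(order + HEADER, data[:HEADER_LEN])
    key = data[HEADER_LEN:]
    if keylen != len(key):  # assumption: key bytes run to end of file
        raise ValueError(f"length field {keylen} != {len(key)} key bytes")
    return keytype, key

def detect_order(data: bytes) -> str:
    """Return the one byte order whose length field matches the file size."""
    ok = []
    for order in ("<", ">"):
        try:
            parse_stash(data, order)
            ok.append(order)
        except ValueError:
            pass
    if len(ok) != 1:
        raise ValueError("cannot determine stash byte order")
    return ok[0]

def convert_stash(data: bytes, dst_order: str) -> bytes:
    """Re-encode only the two header fields; key bytes are left untouched."""
    keytype, key = parse_stash(data, detect_order(data))
    return struct.pack(dst_order + HEADER, keytype, len(key)) + key

def convert_file(src: str, dst: str, dst_order: str = ">") -> None:
    """Convert src into a new file dst that is created with mode 0600."""
    with open(src, "rb") as f:
        out = convert_stash(f.read(), dst_order)
    fd = os.open(dst, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(out)

# Constructed sample, not a real key: keytype 1, 8 key bytes, little-endian.
SAMPLE_LE = b"\x01\x00" + b"\x08\x00\x00\x00" + bytes(range(8))
```

`convert_file` refuses to overwrite an existing destination, so the copied stash stays available for comparison until krb5kdc starts cleanly.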
On Thu, Aug 26, 2004 at 03:44:30PM -0600, Tillman Hodgson wrote:
> On Thu, Aug 26, 2004 at 04:34:00PM -0400, Sam Hartman wrote:
> > If not, you can swap around the bytes of the key length in your
> > favorite binary file editor.
> 
> For anyone else digging through the archives (Hello groups.google.com!),
> it's bytes 3 through 6. Change CDAB to ABCD (metaphorically speaking)
> using something like `vim -b`. Additionally, I had to swap bytes 1 and
> 2 (the keytype). More details in src/lib/kdb/fetch_mkey.c.
> 
> I haven't done any real testing of it, but krb5kdc starts without errors
> now.

However, kadmind doesn't seem to want to start. The log file contains
only:

 Aug 26 16:32:34 surya.seekingfire.prv kadmind[6458](info): Seeding random number generator

I never get a line like the following from the original KDC:

 Aug 19 22:26:17 pluto.seekingfire.prv kadmind[138](info): starting

And the RCng script just seems to hang with:

 # /etc/rc.d/mit-kadmin start
 Starting kadmind.

kadmind is running, but not consuming any real CPU time:

 root 14031  0.0  1.0   96  1240 p0 I+    4:37PM  0:00.14 /usr/pkg/sbin/kadmind

While it's running, it doesn't appear to have finished its startup. If I
kadmin to it I get:

 kadmin: Communication failure with server while initializing kadmin interface

Google is failing me for this. Where should I be looking for this sort
of problem?

Thanks,

-T


-- 
A: Because it reverses the logical flow of conversation.
Q: Why is putting a reply at the top of the message frowned upon?
A: Top-posting.
Q: What is the most annoying thing on usenet and in e-mail?

8/26/2004 11:09:37 PM
On Thu, Aug 26, 2004 at 04:53:28PM -0600, Tillman Hodgson wrote:
> However, kadmind doesn't seem to want to start. The log file contains
> only:
> 
>  Aug 26 16:32:34 surya.seekingfire.prv kadmind[6458](info): Seeding random number generator

My mistake. NetBSD on a machine with no real activity rapidly runs out
of entropy. I ran `rndctl -c -t net && rndctl -e -t net` in order to
enable deriving entropy from the network and it was able to start
(though it's still a noticeable multiple-second delay).

-T


-- 
"And 1.1.81 is officially BugFree(tm), so if you receive any bug-reports on
 it, you know they are just evil lies."
    -- Linus Torvalds

8/27/2004 6:31:38 PM