Need help to recover from database corruption
Greg Hudson
ghudson at mit.edu
Fri Nov 18 11:50:31 EST 2016
On 11/18/2016 10:16 AM, June Newman wrote:
> Our KDCs are running CentOS 6.8 and we have the latest kerb
> implementation for Cent 6.
What version of krb5 is that?
> We've tried to work around the corrupt principals by running 'kdb5_util
> dump -recurse' and 'kdb5_util dump -rev' but it has made no difference in
> the dump file.
>
> Does anyone have advice on how we can recover the database? We are working
> in parallel to rebuild from an older backup, but it would be ideal if we
> could recover the more complete database.
The -rev flag didn't work before krb5 1.12, and the -recurse flag
doesn't work until krb5 1.15 (which is still in beta).
I would recommend building krb5 1.15 beta 2 from source with debugging
symbols ("./configure --prefix=/somewhere CFLAGS=-g && make && make
install"), then using the resulting /somewhere/sbin/kdb5_util to do a
database dump with the -recurse flag. If it crashes, that's a bug, so
get a backtrace ("gdb --args /somewhere/sbin/kdb5_util dump -recurse"
"run" "back") and send it to me (personally; no need to flood the list
with debugging details) and we should be able to figure out why and
correct it.
More information about the Kerberos
mailing list