[krbdev.mit.edu #5898] kadmind cannot lock database

natejohn@iu.edu via RT rt-comment at krbdev.mit.edu
Wed Mar 5 14:38:05 EST 2008


We are having recurrent problems with kadmind not being able to lock the
Kerberos database. When this happens we cannot create, delete or modify
principals.

Here is an example:

Kerberos logs:

Feb 27 13:23:58 <kdc> kadmind[17363]: Request: kadm5_create_principal,
<principal>@IU.EDU, Cannot lock database,
client=host/<host>.indiana.edu at IU.EDU, service=kadmin/admin at IU.EDU,
addr=<ipaddr>

Available entropy is stuck at 0:
# watch -n 1 cat /proc/sys/kernel/random/entropy_avail

The only solution we've found so far is to reboot the master KDC. We have
a system of redundant KDCs, so this doesn't interrupt normal transactions,
but it is clearly not an ideal solution.

We're running our KDCs on hardened Gentoo Linux:

# uname -a
Linux <kdc> 2.4.32-hardened-r6 #1 SMP Mon Oct 30 22:02:46 UTC 2006 i686
Intel(R) Xeon(TM) CPU 2.80GHz GenuineIntel GNU/Linux

I emailed the Kerberos list first, as requested here:
http://web.mit.edu/kerberos/contact.html

Please advise. Thanks,
Nate Johnson

--
* Nate Johnson, Lead Security Engineer, GCIH, GCFA
* University Information Security Office, Indiana University