"Stored master key is corrupted while initializing kadmin.local interface"

Tillman Hodgson tillman at seekingfire.com
Mon Oct 27 12:03:40 EST 2003


Howdy folks,

I'm running an MIT KDC for two small realms (a few dozen principals
each) on FreeBSD 4-STABLE for i386. I haven't tried to manipulate any
principals via the kadmin interface ia a while (probably two weeks), and
when I tried it recently I ran across an unusual problem: kadmind wasn't
running.

Thinking that that was unusual, but not a bit deal, I attempted to fire
up kadmind:

# /usr/local/krb5/sbin/kadmind -r SEEKINGFIRE.PRV
kadmind: Stored master key is corrupted while initializing, aborting

Oh, that's not good. So I tried via via kadmin.local (which should give
the same result, I know):

# /usr/local/krb5/sbin/kadmin.local
Authenticating as principal tillman/admin at SEEKINGFIRE.PRV with password.
kadmin.local: Stored master key is corrupted while initializing
kadmin.local interface

That's definitely not working. krb5kdc is running and working fine, but
without kadmin I'm probably headed for trouble :-)

So I thought I'd try my other realm. I skipped the kadmind and went
straight to kadmin.local:

# /usr/local/krb5/sbin/kadmin.local -r ROSPA.CA
Authenticating as principal tillman/admin at SEEKINGFIRE.PRV with password.
kadmin.local: Stored master key is corrupted while initializing
kadmin.local interface

Note that this realm is on the same server, but has it's own directory
and it's own stashed master key (.k5.ROSPA.CA versus
.k5.SEEKINGFIRE.PRV).

I have multiple copies of both on-line and tape backups of the stashed
master key ... and the md5sum on all of them agree with each other (and
the "real" version!). Both the tape and on-line backups have versions
ancient enough that they predate this problem by months.

Any ideas as to what might be causing this or how I might go about
trouble shooting it?

-T



Background information:

[root at pluto sbin]# uname -a
FreeBSD pluto.seekingfire.prv 4.9-RC FreeBSD 4.9-RC #0: Tue Sep 30 23:40:54 CST 2003 toor at athena.seekingfire.prv:/usr/obj/usr/src/sys/PLUTO  i386

[root at pluto sbin]# portversion -v | grep krb5
krb5-1.3.1                  =  up-to-date with port

(I upgraded from 1.2.x semi-recently - I suspect the upgrade may be part
 of the problem, though I cna't justify that feeling empirically.)


-- 
"The real question is not whether machines think but whether men do."
	- B. F. Skinner, _Contingencies of Reinforcement_


More information about the Kerberos mailing list