Cannot start the krb5kdc

Daniel Savard daniel.savard at gmail.com
Sun Jul 31 13:28:10 EDT 2005 

I think I sent it directly to sensei instead to the list. I apologize.

Also, I am running mit-kerberos version 1.4.1. I think previous
version was 1.3.6. I just read I was supposed to backup my database
before upgrading and the Gentoo procedure didn't take this into
account. So, I guest the database is not in a proper format for 1.4.1.
Is there a way to recover this kind of error? Any tool to perform the
conversion?

---------- Forwarded message ----------
From: Daniel Savard <daniel.savard at gmail.com>
Date: 30 juil. 2005 20:04
Subject: Re: Cannot start the krb5kdc
To: Sensei <senseiwa at tin.it>


Here is my krb5.conf:

[libdefaults]
        ticket_lifetime = 600
        default_realm = CIDS.CA
        default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
        default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc

[realms]
        CIDS.CA = {
        kdc = kerberos.cids.ca:88
        kdc = kerberos-1.cids.ca:88
        admin_server = kerberos.cids.ca:749
        }

[domain_realm]
        .cids.ca = CIDS.CA
        cids.ca = CIDS.CA

[kdc]
        profile = /etc/krb5kdc/kdc.conf

[logging]
        kdc = FILE:/var/log/krb5kdc.log
        admin_server = FILE:/var/log/kadmin.log
        default = FILE:/var/log/krb5lib.log

------------------------------------------------------------------------

Then my kdc.conf which is in /etc/krb5kdc as in the profile stanza
above is stating:

[kdcdefaults]
        kdc_ports = 88,750

[realms]
        CIDS.CA = {
        database_name = /etc/krb5kdc/principal
        admin_keytab = /etc/krb5kdc/kadm5.keytab
        acl_file = /etc/krb5kdc/kadm5.acl
        key_stash_file = /etc/krb5kdc/.k5.CIDS.CA
        dict_file = /etc/krb5kdc/kadm5.dict
        kadmind_port = 749
        max_life = 10h 0m 0s
        max_renewable_life = 7d 0h 0m 0s
        master_key_type = des3-hmac-sha1
        supported_enctypes = des3-hmac-sha1:normal des-cbc-crc:normal
        }

--------------------------------------------------------------------------------------

And as you can see, my database is in /etc/krb5kdc/principal. All the
files exists, except the dict_file, which is no harm I think. Anyway,
even if I removed this stanza it doesn't change anything.

When trying to startup the KDC, I am getting the messages already
mentionned in my previous post. Not much more details than that.
Unless you can told me a way to increase debugging level.

Regards,

--
-----------------
Daniel Savard


-- 
-----------------
Daniel Savard

More information about the Kerberos mailing list