Problem with Kerberos

Marcus Watts mdw at umich.edu
Sun May 21 23:09:25 EDT 2006 

> Message-ID: <d12280ca0605200012m5d3d7cf2ib1ec9b10b9b28a3b at mail.gmail.com>
> Date: Sat, 20 May 2006 07:12:22 +0000
> From: "Krishna Venigalla" <krishna.venigalla at gmail.com>
> To: kerberos at mit.edu
> Subject: Problem with Kerberos
> 
> Hi,
>  This is Krishna. I am using Kerberos for authentication purpose in my
> application. I am facing a problem when I add a new user id.
> 
> The problem is that the Kerberos Admin Server is returning me "FAILED
> addding '460280.rdba' (Database read error)." This strangely occurs when I
> try to add a user with the ID:460280 (in HEX Format) i.e. 4588160 (in
> Decimal Format). This is causing a serious issue in my production system.
> 
> Can anyone help me out with this as this is a service impacting issue in my
> System. Any help is appreciated.
> 
> Thanks in advance,
>  Krishna

You'll get more useful help here if you can supply more detailed
information regarding what software you are using and what
you were doing when things went wrong.

Ie,
what vendor, product, and release of kerberos you are using:
	MIT?  Heimdal?  (Sun?  Apple?  MicroSoft?  ...)
	"kerberos v5"?  "kerberos for windows"?  "kerberos 4"? ...
	1.2.8?  1.3.4?  1.4.3?  0.6.4?  0.7.2?  ...
you should supply this for both the kdc (server) side,
and the client side.  Additionally, you should also supply:
hardware platform (sun ultra-5?  Dell 450/N?  Apple G4?)
operating system & version (Solaris 8?  FreeBSD 4.7?  aix 5.3?)
etc.

You'll also want to describe more exactly what you were doing
and what failed.  Is this an application you wrote?  Can you
reproduct the error using just kadmin and simple command-line
commands?  Can you include the exact output of a run of kadmin
that reproduces the error?  Can you include log output or
other additional diagnostic information that might further
identify your problem?  Kerberos uses a character string
comprised of printable "usascii" (7-bit) characters (with
special processing of \ / @) to represent principal names, so your
description of decimal vs. hexadecimal is very confusing to say
the least.

Off-hand, it appears you might have encountered what KTH
calls "UK_RERROR" and what MIT calls KRB5_KDB_UK_RERROR,
which in both cases might produce the message "Database read error".
It appears to me this might be caused by an attempt to iterate a
non-btree database, or maybe caused by a corrupt database.  Depending
on the exact causes, you might need any or none of these:
	examine the logs on the kdc to determine a previous
		sequence of events and errors that lead to
		the current situation.
	run kadmind with strace to determine what's
		really going on.
	discover and fix an "out of space" problem on the hard drive.
	install a different version of the OS or of kerberos
	dump & restore the database
	re-initialize the database with different initial parameters
	diagnose & replace a defective hard disk
	rebuild kerberos with a different compiler or compile options.
You've not supplied enough information to eliminate any of
these possible "fixes" -- or even enough information for
anybody to give you good directions on how to do any of these.

				-Marcus Watts

More information about the Kerberos mailing list