Problem with Kerberos

Marcus Watts mdw at umich.edu
Wed May 24 17:07:45 EDT 2006


"Krishna Venigalla" <krishna.venigalla at gmail.com> writes:
...
>  We are using MIT Kerberos V4 release 9 in our production system. The OS we
> are using is UNIX-MPRAS which runs on NCR-5100 machines. This configuration
...
> dumping continuously. The size of the dump increased to 800MB which is 14MB
> in the normal scenario.
> 
> Any help with regard to this is appreciated.

I believe MIT has dropped support of Kerberos V4.  You might ask
them specifically for more support but since they've not responded
yet I doubt you'll get much help.

You will almost certainly want to move to some recent version of MIT
K5, probably 1.4.3.  K5 does include backwards support of V4, so your
existing user and application environment should continue to work.
You'll want to convert everything over to V5 once you've switched,
because MIT has announced plans to pull backwards support of V4
"soon".

I'm not sure what's happening in your exact case, but I remember
vaguely that there were some issues with ancient vendor versions
of libdbm - where certain keys could not be used on account
of running out of hash buckets.  If that is the case, you
should probably not expect the "bad" principal to ever work with your
current software.  It should work once you convert over to MIT K5 1.4.3.

Assuming you've been making regular backups of things, you will probably
want to restore your last known good backup of the V4 database.

If you've not been making regular backups or for some reason they're
not adequate, you'll have to resort to more custom tools to recover
your Kerberos data out of the dbm file.  This will most likely require
a reasonably clever programmer; somebody who can figure out the .dbm
file format and write tools to crawl through it, recover the data, and
deal with master key issues, encrypting/decrypting stuff, and other
Kerberos-specific stuff.  This will not be a trivial effort.

					-Marcus Watts


