Cannot lock database
Nate Johnson
natejohn at iu.edu
Mon Sep 17 11:46:36 EDT 2007
We are having recurrent problems with kadmind not being able to lock the
Kerberos database. Here is an example:

This is from my kadmin client:

$ /usr/sbin/kadmin
Authenticating as principal natejohn/admin at IU.EDU with password.
Password for natejohn/admin at IU.EDU:
kadmin: delprinc smtp/<fqdn>@IU.EDU
Are you sure you want to delete the principal "smtp/<fqdn>@IU.EDU"?
(yes/no): yes
delete_principal: Unknown code adb 10 while deleting principal "smtp/<fqdn>@IU.EDU"

This is from the master KDC's logs:

Sep 17 15:11:20 <kdc> kadmind[5951]: Request: kadm5_randkey_principal, smtp/<fqdn>@IU.EDU, Cannot lock database, client=natejohn/admin at IU.EDU, service=kadmin/admin at IU.EDU, addr=<ip address>

In the past we have seen the entropy pool dry up on the master KDC, and
have thought that it was the problem, but this morning
/proc/sys/kernel/random/entropy_avail hovered steadily around 8192 during
the period we were having problems.

The only solution we've found so far is to reboot the master KDC. We have
a system of redundant KDCs, so this doesn't interrupt normal transactions,
but it is clearly not an ideal solution.

I'd be happy to file a bug report if that's needed.

Please advise. Thanks,
Nate Johnson
--
* Nate Johnson, Lead Security Engineer, GCIH
* University Information Security Office, Indiana University