Cannot lock database

Nalin Dahyabhai nalin at redhat.com
Mon Sep 17 16:21:55 EDT 2007


On Mon, Sep 17, 2007 at 11:46:36AM -0400, Nate Johnson wrote:
> This is from the master kdc's logs:
>   Sep 17 15:11:20 <kdc> kadmind[5951]: Request: kadm5_randkey_principal,
> smtp/<fqdn>@IU.EDU, Cannot lock database, client=natejohn/admin at IU.EDU,
> service=kadmin/admin at IU.EDU, addr=<ip address>

Shot in the dark: is it RHEL 5.0 with SELinux in enforcing mode?

If it is, try running "restorecon -R -v /var/kerberos/krb5kdc".  That'll
set the labels on the database files to values which the policy allows
kadmind to manipulate.

HTH,

Nalin



More information about the Kerberos mailing list