Cannot lock database
Nalin Dahyabhai
nalin at redhat.com
Mon Sep 17 16:21:55 EDT 2007
On Mon, Sep 17, 2007 at 11:46:36AM -0400, Nate Johnson wrote:
> This is from the master kdc's logs:
> Sep 17 15:11:20 <kdc> kadmind[5951]: Request: kadm5_randkey_principal,
> smtp/<fqdn>@IU.EDU, Cannot lock database, client=natejohn/admin at IU.EDU,
> service=kadmin/admin at IU.EDU, addr=<ip address>
Shot in the dark: is it RHEL 5.0 with SELinux in enforcing mode?
If it is, try running "restorecon -R -v /var/kerberos/krb5kdc". That'll
set the labels on the database files to values which the policy allows
kadmind to manipulate.
HTH,
Nalin
More information about the Kerberos
mailing list