kprop: Software caused connection abort while reading response from server
Jeff Blaine
jblaine at kickflop.net
Thu Apr 24 11:01:48 EDT 2008
Sent to krbdev. Posting here for future users. Workaround
to the bug can be found under 'REFERENCES'. Done talking to
myself :)
MIT Kerberos 1.6.3
PROBLEM
=======
Standing up a brand new slave KDC does not go according to the
MIT documentation. Not a documentation error. There is a bug
lurking in the code.
DETAILS
=======
http://mailman.mit.edu/pipermail/kerberos/2008-April/013558.html
http://mailman.mit.edu/pipermail/kerberos/2008-April/013560.html
REFERENCES
==========
Another user who experienced the same thing as me:
http://www.mail-archive.com/kerberos@mit.edu/msg13573.html
Another user who experienced the same thing as me (bottom
half of web page) and thankfully wrote up a solution!
http://www.ba.infn.it/~domenico/docs/AAIFiles/kerberos.html
Jeff Blaine wrote:
> And more!
>
> kdc2% sudo ../barnowl-krb5/sbin/kpropd -d -S
> Connection from kdc.foo.com
> krb5_recvauth(5, kprop5_01, host/kdc2.foo.com at RCF.FOO.COM, ...)
> authenticated client: host/kdc.foo.com at RCF.FOO.COM (etype == Triple DES
> cbc mode with HMAC/sha1)
> calling kdb5_util to load database
> Child PID is 2088
> load: File exists
> ../kdc2-krb5/sbin/kpropd: /var/kdc2-krb5/sbin/kdb5_util returned a bad
> exit status (1)
> kdc2%
>
> On the main KDC (where kprop is being run):
>
> sbin/kprop: Software caused connection abort while reading response from
> server
>
> Jeff Blaine wrote:
>> Oh hey, there IS a -d flag! Here's that info, although it's
>> not helpful really.
>>
>> kdc% sudo sbin/kprop -d -f /var/krb5kdc/slave_datatrans kdc2.foo.com
>> 32768 bytes sent.
>> 65536 bytes sent.
>> 98304 bytes sent.
>> 131072 bytes sent.
>> 163840 bytes sent.
>> 196608 bytes sent.
>> 229376 bytes sent.
>> 255017 bytes sent.
>> sbin/kprop: Software caused connection abort while reading response
>> from server
>> kdc%
>>
>>
>> Jeff Blaine wrote:
>>> Onto the next problem:
>>>
>>> [ This guy never got responded to in public that I can see: ]
>>> [ http://mailman.mit.edu/pipermail/kerberos/2007-August/012034.html ]
>>>
>>> kdc% sudo sbin/kprop -f /var/krb5kdc/slave_datatrans kdc2.foo.com
>>> sbin/kprop: Software caused connection abort while reading response
>>> from server
>>> kdc%
>>>
>>> Leaves me with the following on the slave KDC (kdc2)
>>> and the inability to use 'kdb5_util stash' due to 'no such
>>> file or directory' because principal.ok does not exist
>>> (according to truss).
>>>
>>> kdc2# pwd
>>> /var/krb5kdc
>>> kdc2# ls -lart
>>> total 998
>>> -rw------- 1 root root 151 Apr 23 14:12 kpropd.acl
>>> drwxr-xr-x 48 root sys 1024 Apr 23 14:16 ../
>>> -rw------- 1 root root 255017 Apr 23 14:19 from_master
>>> -rw------- 1 root root 0 Apr 23 14:19 principal~.kadm5.lock
>>> -rw------- 1 root root 8192 Apr 23 14:19 principal~.kadm5
>>> -rw------- 1 root root 212992 Apr 23 14:19 principal~
>>> drwxr-xr-x 2 root root 512 Apr 23 14:19 ./
>>> -rw------- 1 root root 8192 Apr 23 14:19 principal
>>> -rw------- 1 root root 0 Apr 23 2008 principal~.ok
>>> kdc2#
>>>
>>> Any ideas?
>>>
>>
>
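
A read-only check for the directory state shown in the listing above (temporary `principal~*` files present, `principal.ok` absent), as an added example that is not part of the original post or of MIT Kerberos. The function names and state labels are assumptions of this example; the file names come from the listing, and the sample directory is constructed.

```shell
#!/bin/sh
# Added example: classify a slave KDC database directory by which files exist.
# It only inspects file presence and never modifies the directory it is given.

kdb_dir_state() {
    dir=$1
    db=${2:-principal}   # database base name, as in the post's listing
    if [ ! -d "$dir" ]; then
        echo "no-directory"
        return 0
    fi

    # Count the temporary files that the listing shows next to the database.
    leftovers=0
    for f in "$dir/$db~" "$dir/$db~.kadm5" "$dir/$db~.kadm5.lock" "$dir/$db~.ok"; do
        if [ -e "$f" ]; then
            leftovers=$((leftovers + 1))
        fi
    done

    # The post reports 'kdb5_util stash' failing because principal.ok is missing.
    if [ -e "$dir/$db.ok" ]; then
        if [ "$leftovers" -gt 0 ]; then
            echo "loaded-with-leftovers"
        else
            echo "loaded"
        fi
    elif [ "$leftovers" -gt 0 ]; then
        echo "incomplete-load"   # the state shown in the post
    else
        echo "not-loaded"
    fi
}

demo() {
    # Constructed sample: empty files named as in the post's 'ls -lart' output.
    tmp=$(mktemp -d)
    for f in kpropd.acl from_master principal 'principal~' \
             'principal~.kadm5' 'principal~.kadm5.lock' 'principal~.ok'; do
        : > "$tmp/$f"
    done
    kdb_dir_state "$tmp"
    rm -rf "$tmp"
}

demo
```

On a real slave, call `kdb_dir_state /var/krb5kdc` as a user who can read that directory.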