Is creating a database necessary for KDC propagation?
Guarracino, Nicholas
Nicholas.Guarracino at ipc.com
Tue Jan 22 11:29:44 EST 2008
After looking through the Kerberos V5 Installation Guide, it sounds like
database propagation should work without a preexisting database on the
slave KDC. However when I try to do that, I get the following message:
kpropd: /usr/kerberos/sbin/kdb5_util returned a bad exit status (2)
It looks like kpropd does an execv() to kdb5_util load. When I try that
command manually, without an existing database, I get:
load: cannot make newly loaded database live (No such file or directory)
load: cannot delete bad database /var/kerberos/krb5kdc/principal
(Database has already been initialized)
The newly received database gets left in principal~, lock file in
principal~.kadm5.lock, etc. If I remove the "~" from each file name,
then I can create the stash file and continue on.
If, on the other hand, I create an empty database on the slave KDC
before propagation, all is well. Am I missing something in the
installation guide, or is it a requirement to create a database on the
slave KDC first?
Thanks,
--Nick
DISCLAIMER:
Important Notice *************************************************
This e-mail may contain information that is confidential, privileged or otherwise protected from disclosure. If you are not an intended recipient of this e-mail, do not duplicate or redistribute it by any means. Please delete it and any attachments and notify the sender that you have received it in error. Unintended recipients are prohibited from taking action on the basis of information in this e-mail.E-mail messages may contain computer viruses or other defects, may not be accurately replicated on other systems, or may be intercepted, deleted or interfered with without the knowledge of the sender or the intended recipient. If you are not comfortable with the risks associated with e-mail messages, you may decide not to use e-mail to communicate with IPC. IPC reserves the right, to the extent and under circumstances permitted by applicable law, to retain, monitor and intercept e-mail messages to and from its systems.
More information about the Kerberos
mailing list