LDAP backend - help needed...

Greg Hudson ghudson at MIT.EDU
Mon May 7 12:16:39 EDT 2012


On 05/07/2012 11:38 AM, Berthold Cogel wrote:
> -rw------- 1 root root  128 May  7 16:09 service.keyfile

> [root@hydra krb5kdc]# kadmin.local
> kadmin.local: unable to get default realm

I'm not sure why kadmin.local wouldn't be reading your krb5.conf file
(partly because krb5 1.6 was a long time ago).  Does strace show it
trying to open anything other than kdc.conf?

> [root@hydra krb5kdc]# kadmin.local -r EXAMPLE.UNI-KOELN.DE
> Authenticating as principal root/admin@EXAMPLE.UNI-KOELN.DE with password.
> kadmin.local: Invalid argument while initializing kadmin.local interface

I've most commonly seen this error when:

(1) There was something in service.keyfile before kdb5_ldap_util
stashsrvpw was run.  Usually a copy of the master key stash due to admin
confusion.
(2) kdb5_ldap_util stashsrvpw appends rather than replacing the stash
file (I assume so that you can iteratively stash multiple passwords).
(3) The LDAP module gives an unhelpful error message when it detects a
malformed service.keyfile.

Anyway, try deleting service.keyfile, re-running kdb5_ldap_util
stashsrvpw, and trying again.
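
Added example, not part of the original message or of the krb5 distribution: a shell check for the two conditions described above, content in service.keyfile that is not a stash entry, and entries repeated because stashsrvpw appends. It assumes each entry is one line of the form `<service DN>#{HEX}<hex digits>`; the function name and the sample DN are constructed for illustration.

```shell
# Added example. Assumed entry layout: <service DN>#{HEX}<hex digits>
check_service_keyfile() {   # hypothetical helper name
    # LC_ALL=C so stray binary bytes are compared byte-wise and never match.
    LC_ALL=C awk -F'#' '
        /^[^#]+#[{]HEX[}]([0-9A-Fa-f][0-9A-Fa-f])+$/ {
            good++
            if (seen[$1]++) dup++      # same DN stashed again (append behaviour)
            next
        }
        { bad++; printf "line %d: not a stash entry\n", NR }
        END {
            printf "%d entries, %d stray lines, %d repeated DNs\n", good, bad, dup
            # Succeed only for a file holding clean, unique entries.
            exit !(good > 0 && bad == 0 && dup == 0)
        }
    ' "$1"
}

# Constructed sample: stray bytes already in the file, then one appended entry.
sample=$(mktemp)
{
    printf '\001\002\377stray\n'
    printf 'cn=kdc-service,dc=example,dc=com#{HEX}73656372657431\n'
} > "$sample"
check_service_keyfile "$sample" \
    || echo "=> delete the file and re-run kdb5_ldap_util stashsrvpw"
rm -f "$sample"
```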

