KDC won't start after fresh install

Benjamin Kaduk kaduk at MIT.EDU
Thu Sep 5 09:09:24 EDT 2013


On Thu, 5 Sep 2013, Sebastian Singer wrote:

> Hi,
>
> I have been installing Kerberos form scratch on a Debian Wheezy this day
> following http://techpubs.spinlocksolutions.com/dklar/kerberos.html .
>
> Double checked everything but when trying to start KDC this is what the
> log says:
>
> /var/log/kerberos/krb5kdc.log:
> Sep 05 13:12:52server.net krb5kdc[22172](debug): Got signal to request exit
> Sep 05 13:12:52 server.net krb5kdc[22172](info): closing down fd 9
> Sep 05 13:12:52server.net krb5kdc[22172](info): closing down fd 8
> Sep 05 13:12:52 server.net krb5kdc[22172](info): shutting down
> Sep 05 13:12:52 server.net krb5kdc[22454](info): setting up network...
> Sep 05 13:12:52 server.net krb5kdc[22454](info): listening on fd 8: udp
> 0.0.0.0.88 (pktinfo)
> Sep 05 13:12:52 server.net krb5kdc[22454](info): listening on fd 9: udp
> 0.0.0.0.750 (pktinfo)
> krb5kdc: setsockopt(10,IPV6_V6ONLY,1) worked
> krb5kdc: Das Argument ist ung?ltig - Cannot request packet info for udp
> socket address :: port 88
> Sep 05 13:12:52 server.net krb5kdc[22454](info): skipping unrecognized
> local address family 17
> Sep 05 13:12:52 server.net krb5kdc[22454](info): set up 2 sockets
> Sep 05 13:12:52 server.net krb5kdc[22455](info): commencing operation
>
> I opened ports 88, 464, 749 and 750 in iptables for udp and tcp. Still
> no clean server start.
> I wonder if there is something  with ipv6 as in line 9 of the log it
> refers to "socket address ::"?
> I hope it is just a beginner's mistake ;-)

This failure mode does not ring any bells right away, but I would 
double-check that you saw the "Caution" note about cases where "the 
system's network hostname is assigned to the localhost address 127.0.0.1."
I think I have seen krb5 clients get confused when there is both an IPv4 
and an IPv6 local address line, or some iteration thereof.  Are you 
intending to use IPv6 on the machine?

-Ben Kaduk


More information about the Kerberos mailing list