KDC 1.15 startup error: Invalid credentials - while initializing database

Jaap Winius jwinius at umrk.nl
Thu Apr 13 09:13:45 EDT 2017

Quoting "Pallissard, Matthew" <krb at pallissard.net>:

> Do your cn=config databases match?

Almost. The main difference is that the databases on the old systems  
are in an hdb format and the new one uses mdb, so there are a few  
olcDbConfig lines on the old systems that are not present in the new  

> Do you know what that hashed password actually is? Can you manually  
> bind with that username/pw and ldapsearch?

Regrettably, no, I don't have the passwords. I copied the  
'service.keyfile 'and 'stash' files from the old systems hoped it  
would work. Could it be that the required format or key type of one or  
both of these files has changed? If so, then unless I can decrypt that  
HEX value it will probably be necessary to create a new realm. If not,  
then it does make troubleshooting a bit more difficult.



More information about the Kerberos mailing list