KDC 1.15 startup error: Invalid credentials - while initializing database

Greg Hudson ghudson at mit.edu
Thu Apr 13 11:39:30 EDT 2017

On 04/13/2017 09:13 AM, Jaap Winius wrote:
> Regrettably, no, I don't have the passwords. I copied the  
> 'service.keyfile 'and 'stash' files from the old systems hoped it  
> would work. Could it be that the required format or key type of one or  
> both of these files has changed? If so, then unless I can decrypt that  
> HEX value it will probably be necessary to create a new realm. If not,  
> then it does make troubleshooting a bit more difficult.

To my knowledge the format of that file has not changed, so I don't know
why the 1.15 KDC isn't able to bind the LDAP server when the 1.10 KDCs can.

The HEX value is not encrypted.  It's just encoded in hex.  So "3c" is
the ASCII value 60 which is the character '<', and so forth.

More information about the Kerberos mailing list