Segmentation fault when trying to start kadmind

Greg Hudson ghudson at mit.edu
Wed Jul 19 11:45:13 EDT 2017


On 07/18/2017 11:49 PM, Joshua Schaeffer wrote:
>> * Why does the master DB entry (K/M) have no key data?
> 
> Well, I believe this is the key question. When I run kdb5_util stash I
> now get this error:
[...]
>     kdb5_util: Cannot find master key record in database while getting
> master key list
> 
> But the problem is the record does exist: [...]

This error message is likely conflating "K/M doesn't exist" with "K/M
exists but has no key data".

In the LDAP record you included, there is no krbPrincipalKey attribute,
as one would ordinarily see in the K/M record.  That key data should be
included when the DB is created by kdb5_ldap_util; I have no theories as
to why it's not showing up in your scenario.

>> * Why isn't the code able to load the shared object from
>> /usr/local/lib/krb5/plugins/kdb/kldap?
[...]
> I just created a symlink and this error now goes away.

That suggests the code is looking for the wrong thing at runtime (kldap
instead of kldap.so), which is not normal.  That symlink shouldn't be
needed.  As you noted, this issue appears to be of ancillary importance,
but it adds to the confusion.

> I've searched my entire system for a file called "stash" (that's what
> KRB5 creates when you add the -s, right?) and I can't find anything.

The default name for the stash file is .k5.<REALM> in the KDC directory.
(That default was chosen some decades ago and would not be my choice
today.)  So I guess search for ".k5.".  The key_stash_file profile
variable in the kdc.conf realm subsection can be used to override the
filename.
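
Added example, not part of the original message or of MIT krb5: a shell helper that applies the lookup rule described in the reply above, using the key_stash_file value from the realm's kdc.conf subsection if present and otherwise .k5.<REALM> in the KDC directory. The function name resolve_stash_file, the realm names and the temporary paths are constructed for illustration, and the parser assumes a flat realm subsection with no nested braces.

```shell
# Added example: resolve_stash_file is a hypothetical helper, not an MIT krb5 tool.
# usage: resolve_stash_file <kdc.conf> <REALM> <kdc-directory>
# Prints the expected stash file path; returns 0 only if that file exists.
resolve_stash_file() {
    conf=$1 realm=$2 kdcdir=$3
    # Look for key_stash_file inside "<REALM> = { ... }" under [realms].
    override=$(awk -v realm="$realm" '
        { line = $0; gsub(/^[ \t]+|[ \t]+$/, "", line) }
        substr(line, 1, 1) == "[" { in_realms = (line == "[realms]"); in_realm = 0; next }
        in_realms && !in_realm {
            key = line; gsub(/[ \t]/, "", key)
            if (key == realm "={") in_realm = 1
            next
        }
        in_realm && substr(line, 1, 1) == "}" { in_realm = 0; next }
        in_realm && line ~ /^key_stash_file[ \t]*=/ {
            sub(/^key_stash_file[ \t]*=[ \t]*/, "", line); print line; exit
        }
    ' "$conf" 2>/dev/null) || override=
    # No override: fall back to .k5.<REALM> in the KDC directory.
    path=${override:-$kdcdir/.k5.$realm}
    printf '%s\n' "$path"
    [ -f "$path" ]
}

# Constructed demo: a throwaway kdc.conf with one override and one default realm.
demo=$(mktemp -d)
cat > "$demo/kdc.conf" <<EOF
[kdcdefaults]
    kdc_ports = 88
[realms]
    EXAMPLE.COM = {
        key_stash_file = $demo/master.stash
    }
    OTHER.EXAMPLE = {
        max_life = 10h 0m 0s
    }
EOF
for r in EXAMPLE.COM OTHER.EXAMPLE; do
    resolve_stash_file "$demo/kdc.conf" "$r" "$demo" || echo "  (no stash file at that path)"
done
rm -rf "$demo"
```

The stash file holds the database master key, so once it is located it is worth confirming that only the KDC's account can read it.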

