[krbdev.mit.edu #7118] Possible kadmin bug in Ubuntu 12.04

[Tom Yu via RT]

"Brian F Knoll via RT" <rt-comment at krbdev.mit.edu> writes:

> If I create an Ubuntu 12.04 installation in a VM, then install the krb5-kdc and krb5-admin-server packages, I can create a test realm.  Once I do this, I can use kadmin.local to add principals, and I can kinit to those principals.  That all works fine.
>
> However, when I try to use kadmin to connect to the admin server, it hangs for a few minutes, then fails with an "Unspecified GSS failure: clock skew too great" error.  This is even when I use kadmin to connect to the same machine, meaning that the clock would by definition have to be correct.  I started to file a bug report on Ubuntu's Launchpad site but it mentioned this email address, so I thought I would check here first to see if I should be reporting the bug here instead of on Launchpad.  This all works fine if I use an Ubuntu 10.04 VM instead of an Ubuntu 12.04 VM.

The hanging for a few minutes sounds like it could be a network or
configuration problem; that's not a normal thing for kadmind to do.
If it primarily happens soon after starting kadmind, it could be a
problem with kadmind blocking on the random number generator.
(Anecdotal evidence suggests that this can be more common on VMs than
on bare metal.)  Passing the '-W' flag to kadmind will force it to
read from the weak random number source, which will speed up its
startup at some cost to security.