[krbdev.mit.edu #7632] LDAP password file errors not helpful enough

augustynwilk@gmail.com via RT rt-comment at krbdev.mit.edu
Fri May 10 11:06:38 EDT 2013


Thank you, Greg, for the support; you pointed me to the solution.
I was creating and destroying the realm several times, and I'm sure I
removed the stash file before recreating it with:
 kdb5_ldap_util -D "cn=admin,dc=vokankh,dc=net" stashsrvpw -f
/var/kerberos/krb5kdc/vokankh_stash.keyfile
"cn=krbadmin,ou=Services,dc=vokankh,dc=net"
(I even have a backup of the original, so I had to remove it.)
Nevertheless, I removed the stash file created with the realm and recreated
it with the command mentioned above. And it has the required DN.
I noticed somewhere that the above command will skip creating the stash if
the file already exists, and exit without an appropriate message. Why add
functionality that will create a stash file (along with the realm) that
isn't useful for anything? Isn't it a bug?
Again, thank you for the help,
Best regards,
Augustyn

On 9 May 2013 18:03, Greg Hudson via RT <rt-comment at krbdev.mit.edu> wrote:
> The only other thing I can suggest is to look at your LDAP password file
> in an editor, and make sure it contains only plain-text lines like:
>
> cn=krbadmin,ou=Services,dc=vokankh,dc=net#{HEX}hexdigits
>
> If there is any binary data in there, you may have accidentally placed the
> contents of a master key stash file there, in which case you should remove
> the file and start over while making sure to keep the master key stash
> file separate from the LDAP password file.
>
> If that doesn't work, please pursue the matter via kerberos at mit.edu, which
> has a wider audience, rather than continuing through the bug tracker.
