teething pains

Marcus Watts mdw at umich.edu
Thu Jun 26 17:27:03 EDT 2003

> Date: Thu, 26 Jun 2003 14:19:33 -0600 (MDT)
> From: "N. Leenders" <nadine at ualberta.ca>
> X-X-Sender: nadine at nadine-computer.local
> To: kerberos at mit.edu
> Message-ID: <Pine.OSX.4.44.0306261405370.1439-100000 at nadine-computer.local>
> Content-Type: TEXT/PLAIN; charset=US-ASCII
> Subject: teething pains
> Hi,
> I'm new to this list and to setting up kerberos and am running into some
> problems.
> When running kadmin.local, while cleaning up some of the test principals
> I'd set up, I also removed "K/M at NIC.UALBERTA.CA", not realizing that the
> system had put it there.  Since then, I haven't been able to run
> kadmin.local:
> [root at lyon root]# kadmin.local
> Authenticating as principal root/admin at NIC.UALBERTA.CA with password.
> kadmin.local: Cannot find master key record in database while initializing
> kadmin.local interface
> So I tried destroying the database so I could start over:
> [root at lyon root]# kdb5_util destroy
> kdb5_util: No such entry in the database while retrieving master entry
> And it didn't work to try creating a new one either:
> [root at lyon root]# kdb5_util create -r NIC.UALBERTA.CA -s
> create: The database '/var/kerberos/krb5kdc/principal' appears to already
> exist
> What else can I try?
> Thx, Nadine

If you are *really* sure you want to start over, something like
this should work:
	# cd /var/kerberos/krb5kdc
	# ls -lastn
	total 138
	  80 -rw-------   1 25131    10         40960 Jun 23 16:48 principal
	   0 -rw-------   1 25131    10             0 Jun 23 16:48 principal.ok
	   2 drwxr-xr-x  14 0        2            512 Mar 25 03:51 ..
	  48 -rw-------   1 25131    10       1049088 Mar 25 02:34 principal.kadm5
	   2 drwxr-xr-x   2 25131    10           512 Mar 10  2001 .
	   2 -rw-------   1 25131    10           137 Mar 10  2001 kadm5.keytab
	   2 -rw-r--r--   1 25131    10           130 Mar 10  2001 kadm5.acl
	   2 -rw-------   1 25131    10            26 Mar 10  2001 .k5.NIC.UALBERTA.CA
	   0 -rw-------   1 25131    10             0 Mar 10  2001 principal.kadm5.lock
	# rm -i * .*
	rm: remove kadm5.acl (yes/no)? n
	rm: remove kadm5.keytab (yes/no)? yes
	rm: remove principal (yes/no)? yes
	rm: remove principal.kadm5 (yes/no)? yes
	rm: remove principal.kadm5.lock (yes/no)? yes
	rm: remove principal.ok (yes/no)? yes
	rm of . is not allowed
	rm of .. is not allowed
	rm: remove .k5.NIC.UALBERTA.CA (yes/no)? yes
i.e., get rid of every file *but* your acl file.  You might have more
than one acl file (kpropd.acl?), and you might also have a kdc.conf file
-- leave those as well.  Perhaps best to make a tar file if you aren't
quite sure, just in case.  But most of this stuff is created as part of
your installation process, and has to be in sync with other parts, so
you want to get rid of it to start over.  Don't forget to kill any
running k5 daemons first, if you have any left.

Note: if you have a stash file, *in theory*, you could recreate K/M.
Most likely you'd have to write a C program to do this, after learning
a certain amount about the lower level kdb routines in MIT k5.
This is almost certainly not what you want to do in this case,
but if you had a real database which you had somehow neglected
to back up, you might find it was worth the pain.

Tell Bob Beck I said "hi", if you want.

				-Marcus Watts
				UM ITCS Umich Systems Group
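
The reset procedure from the reply above, as an added example that is not part of the original post: it archives the KDC directory first, then removes every regular file except ACL files and kdc.conf. The function name reset_kdc_dir, its return codes, and the daemon names checked (krb5kdc, kadmind) are assumptions of this sketch, and the backup path is assumed to lie outside the directory being cleaned.

```shell
#!/bin/sh
# Added example (not from the original post). reset_kdc_dir is a hypothetical
# helper: back up a KDC database directory, then delete everything except
# *.acl files and kdc.conf so the realm can be created again from scratch.
#
# reset_kdc_dir DIR BACKUP.tar
#   0 = done, 1 = bad arguments, 2 = backup failed (nothing deleted),
#   3 = a KDC daemon is still running (nothing deleted)
reset_kdc_dir() {
    dir=$1
    backup=$2
    [ -d "$dir" ] && [ -n "$backup" ] || return 1

    # Stop first if the daemons are still up (assumed names: krb5kdc, kadmind).
    if command -v pgrep >/dev/null 2>&1; then
        for d in krb5kdc kadmind; do
            if pgrep -x "$d" >/dev/null 2>&1; then return 3; fi
        done
    fi

    # Safety net: archive the whole directory, dotfiles included (the stash
    # file .k5.REALM is a dotfile). umask 077 because it holds key material.
    ( umask 077 && tar -cf "$backup" -C "$dir" . ) || return 2

    # Walk regular files, including dotfiles; "." and ".." never match.
    for f in "$dir"/* "$dir"/.[!.]* "$dir"/..?*; do
        [ -f "$f" ] || continue      # skips unmatched globs and subdirectories
        case ${f##*/} in
            *.acl|kdc.conf) echo "keep   ${f##*/}" ;;
            *)              rm -f -- "$f" && echo "remove ${f##*/}" ;;
        esac
    done
    return 0
}

# Usage: sh reset-kdc.sh /var/kerberos/krb5kdc /root/krb5kdc-backup.tar
if [ "$#" -eq 2 ]; then
    reset_kdc_dir "$1" "$2"
fi
```

After it finishes, `kdb5_util create -r REALM -s` no longer sees an existing database, and the tar file still holds the old stash file and database if they turn out to be needed.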
