[37783] in Kerberos
Re: Need help to recover from database corruption
daemon@ATHENA.MIT.EDU (Greg Hudson)
Fri Nov 18 11:50:47 2016
To: kerberos@mit.edu
From: Greg Hudson <ghudson@mit.edu>
Message-ID: <3dc5d329-2459-eb4c-349f-d4d1bd8bf72a@mit.edu>
Date: Fri, 18 Nov 2016 11:50:31 -0500
MIME-Version: 1.0
In-Reply-To: <CAK411z=X2EH=Rns7JK=eMJmZ637KPC7P7=W4J+yijx_Nh+vkcw@mail.gmail.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On 11/18/2016 10:16 AM, June Newman wrote:
> Our KDCs are running CentOS 6.8 and we have the latest kerb
> implementation for Cent 6.
What version of krb5 is that?
> We've tried to work around the corrupt principals by running 'kdb5_util
> dump -recurse' and 'kdb5_util dump -rev' but it has made no difference in
> the dump file.
>
> Does anyone have advice on how we can recover the database? We are working
> in parallel to rebuild from an older backup, but it would be ideal if we
> could recover the more complete database.
The -rev flag didn't work before krb5 1.12, and the -recurse flag
doesn't work until krb5 1.15 (which is still in beta).
I would recommend building krb5 1.15 beta 2 from source with debugging
symbols ("./configure --prefix=/somewhere CFLAGS=-g && make && make
install"), then using the resulting /somewhere/sbin/kdb5_util to do a
database dump with the -recurse flag. If it crashes, that's a bug, so
get a backtrace ("gdb --args /somewhere/sbin/kdb5_util dump -recurse"
"run" "back") and send it to me (personally; no need to flood the list
with debugging details) and we should be able to figure out why and
correct it.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
