[37857] in Kerberos


Re: Problem with db master password migrating kerberos server to new

daemon@ATHENA.MIT.EDU (Rainer Krienke)
Tue Feb 7 07:16:26 2017

To: kerberos@mit.edu
From: Rainer Krienke <krienke@uni-koblenz.de>
Message-ID: <d1965450-d787-2c8a-fbea-5402e7b61328@uni-koblenz.de>
Date: Tue, 7 Feb 2017 13:16:06 +0100
In-Reply-To: <0f0aa7b5-2e01-7f6e-0c44-e9e091102b39@uni-koblenz.de>

Hello,

Just a quick update:

In between I also tried the official upgrade path for Kerberos:

https://web.mit.edu/kerberos/krb5-1.3/krb5-1.3.6/doc/krb5-install.html#Upgrading%20Existing%20Kerberos%20V5%20Installations

This procedure leads to the very same problem on machine B. kadmin.local
works, kadmin.local -m <password> does not work.

I tried the same procedure but in this case the new destination machine
"B" had the very same kerberos version and the same linux installation
just like machine A. In this case this official upgrade path by
exporting and importing principals works just as expected so that
kadmin.local -m <password> is ok.

So it seems like the krb version switch causes this problem. Is there
perhaps something more that has to be done... ?

Thanks
Rainer

On 07.02.2017 at 09:17, Rainer Krienke wrote:
> Hello,
>
> I run a linux machine A with SuSE SLES11SP4 with a working kerberos
> server (version 1.6.3) and want to migrate this server to a new linux
> SLES12SP2 machine B where the kerberos installation (version 1.12.5) is
> a little more recent.
>
> I tried to tar the whole stuff in /var/lib/kerberos/krb5kdc on machine A
> and then extract it on machine B. Part of this tar is also the stash
> file. /etc/krb5.conf is identical on both machines.
>
> Afterwards I am able to run kadmin.local and can e.g. list all the
> principals. However I am unable to log in using kadmin.local -m using my
> database master password which works on server A. I see the following
> error message if I try on machine B:
>
> kadmin.local: Unable to decrypt latest master key with the provided
> master key  while initializing kadmin.local interface
>
> Does anyone know why it could not be working, or what I have to do to
> get it working again? I do not understand this at the moment. What else
> aside from the original db password and the principals could this login
> depend on?
>
> Thanks a lot for any help
> Rainer
>
> ________________________________________________
> Kerberos mailing list           Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos


-- 
Rainer Krienke, Uni Koblenz, Rechenzentrum, A22, Universitaetsstrasse 1
56070 Koblenz, Tel: +49261287 1312 Fax +49261287 100 1312
Web: http://userpages.uni-koblenz.de/~krienke
PGP: http://userpages.uni-koblenz.de/~krienke/mypgp.html

