Re: hprop problem with krb4-db database
Love, all
First and foremost, thanks for the patience of helping me through
this. Obviously, I've never done this before, so I might do some
rookie mistakes..
On 11/3/05, Love Hörnquist Åstrand <lha@kth.se> wrote:
> > However, hprop is a bit more cooperating if the database is given in
> > ASCII format (i.e. "krb4-dump" format):
>
> Since you say this, I won't comment on the problem above.
Well, this doesn't answer the question on why the above error occurs,
but still. Moving on.
> > [...]
> > root@florians:/var/lib/heimdal-kdc# hprop -d ./slave_dump
> > --source=krb4-dump -n > /tmp/test
> > hprop: krb5_425_conv_principal rcmd.server1@MY.REALM: Failed to
> > convert v4 principal
>
> It tries to do mapping between the service name "rcmd.server1" that is the
> kerberos4 style name to the FQDN "host/service1.example.org@MY.REALM", but
> since the machine can't be found in dns or the [domain_realm] mapping file,
> it fails. Check if the machine does exist, and if it does, what the
> FQDN is and why hprop can't resolve the address in KDC.
Got that, will fix and/or recreate those principals in the new
database (no biggie). However, I have a bigger problem.
First, I manually removed from that krb4-dump file all "rcmd..." and
other "questionable"/already existing principals (e.g. "changepw",
"krbtgt", etc). Btw, do I really need to remove them manually ??
Anyway. I tried the procedure below both with and without those
principals in the dump, with same result.
After "cleaning" the dump, when trying to import the resulting
krb4-dump my resulting principal database becomes garbled:
root@florians:/var/lib/heimdal-kdc# kinit oteflo0507/admin
oteflo0507/admin@IPSC.SECODE.COM's Password:
kinit: NOTICE: ticket renewable lifetime is 1 week
root@florians:/var/lib/heimdal-kdc# klist
Credentials cache: FILE:/tmp/krb5cc_0
Principal: oteflo0507/admin@MY.REALM.COM
Issued Expires Principal
Nov 4 10:27:51 Nov 4 20:27:51 krbtgt/MY.REALM.COM@MY.REALM.COM
Nov 4 10:27:51 Nov 4 20:27:51 krbtgt/MY.REALM.COM@MY.REALM.COM
Nov 4 10:28:21 Nov 4 11:28:21 kadmin/admin@MY.REALM.COM
V4-ticket file: /tmp/tkt0
Principal: oteflo0507.admin@MY.REALM.COM
Issued Expires Principal
Nov 4 10:27:51 Nov 4 20:27:51 krbtgt.MY.REALM.COM@MY.REALM.COM
root@florians:/var/lib/heimdal-kdc# kadmin list */*
kadmin/admin@MY.REALM.COM
kadmin/hprop@MY.REALM.COM
kadmin/changepw@MY.REALM.COM
oteflo0507/admin@MY.REALM.COM
changepw/kerberos@MY.REALM.COM
krbtgt/MY.REALM.COM@MY.REALM.COM
host/host1.my.domain.com@MY.REALM.COM
host/host2.my.domain.com@MY.REALM.COM
hprop/host1.my.domain.com@MY.REALM.COM
hprop/host2.my.domain.com@MY.REALM.COM
root@florians:/var/lib/heimdal-kdc# hprop -n -d ./slave_dump.working2
--source=krb4-dump --master-key=./.k | hpropd -n
root@florians:/var/lib/heimdal-kdc# kadmin list */*
kadmin: kadm5_get_principals: Key table entry not found
kadmin> root@florians:/var/lib/heimdal-kdc# kadmin -l
kadmin> list */*
kadmin: get K/M@MY.REALM.COM: Invalid argument
kadmin: get afs/neon@MY.REALM.COM: Invalid argument
kadmin: get httpd/host3@MY.REALM.COM: Invalid argument
kadmin: get tobbe/root@MY.REALM.COM: Invalid argument
kadmin: get httpd/host4@MY.REALM.COM: Invalid argument
kadmin: get httpd/host5@MY.REALM.COM: Invalid argument
kadmin: get tobbe/admin@MY.REALM.COM: Invalid argument
kadmin: get httpd/host1@MY.REALM.COM: Invalid argument
kadmin: get httpd/host6@MY.REALM.COM: Invalid argument
kadmin: get httpd/host7@MY.REALM.COM: Invalid argument
kadmin: get httpd/host8@MY.REALM.COM: Invalid argument
kadmin: get httpd/host2@MY.REALM.COM: Invalid argument
kadmin: get httpd/hosst9@MY.REALM.COM: Invalid argument
kadmin: get backup/host10@MY.REALM.COM: Invalid argument
kadmin: get httpd/host11@MY.REALM.COM: Invalid argument
kadmin: get user1/root@MY.REALM.COM: Invalid argument
kadmin: get user2/root@MY.REALM.COM: Invalid argument
kadmin: get user3/root@MY.REALM.COM: Invalid argument
kadmin: get user4/root@MY.REALM.COM: Invalid argument
kadmin: get user5/admin@MY.REALM.COM: Invalid argument
kadmin: get user6/admin@MY.REALM.COM: Invalid argument
...
root@florians:/var/lib/heimdal-kdc# kdestroy
root@florians:/var/lib/heimdal-kdc# kinit oteflo0507/admin
oteflo0507/admin@MY.REALM.COM's Password:
kinit: Can't send request (send_to_kdc)
kinit: krb5_get_init_creds: unable to reach any KDC in realm IPSC.SECODE.COM
Thanks again for any help
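
Added example, not part of the original message and not Heimdal's code: a simplified Python model of the v4-to-v5 name mapping Love describes above, usable as a pre-flight check on v4 principal names before running hprop. Only the rcmd -> host mapping comes from the thread; the function names, the resolver parameter and the sample host table are assumptions.

```python
import socket

# Assumption: only rcmd -> host is taken from the thread; extend this to
# match the v4 name conversion configured in your krb5.conf.
V4_HOST_SERVICES = {"rcmd": "host"}


def split_v4(principal):
    """Split 'name.instance@REALM' into (name, instance, realm)."""
    local, _, realm = principal.partition("@")
    # v4 names contain no dot, so the first dot starts the instance.
    name, _, instance = local.partition(".")
    return name, instance, realm


def dns_fqdn(short_name):
    """Default resolver: canonical name from DNS, or None if unresolvable."""
    try:
        info = socket.getaddrinfo(short_name, None, flags=socket.AI_CANONNAME)
    except socket.gaierror:
        return None
    return info[0][3] or None


def convert(principal, resolve=dns_fqdn):
    """Return the v5 name, or None where a host-based name cannot be mapped."""
    name, instance, realm = split_v4(principal)
    if not instance:
        return f"{name}@{realm}"
    if name in V4_HOST_SERVICES:
        fqdn = resolve(instance)  # short host name must expand to an FQDN
        if fqdn is None:
            return None
        return f"{V4_HOST_SERVICES[name]}/{fqdn.lower()}@{realm}"
    return f"{name}/{instance}@{realm}"


def preflight(principals, resolve=dns_fqdn):
    """List the principals whose host-based conversion would fail."""
    return [p for p in principals if convert(p, resolve) is None]


# Constructed sample data: a static host table stands in for DNS.
SAMPLE_HOSTS = {"server2": "server2.example.org"}
SAMPLE = ["rcmd.server1@MY.REALM", "rcmd.server2@MY.REALM",
          "tobbe.admin@MY.REALM", "user1@MY.REALM"]

if __name__ == "__main__":
    for p in SAMPLE:
        print(p, "->", convert(p, SAMPLE_HOSTS.get) or "UNRESOLVED")
```

Running preflight() with the default resolver on the KDC host shows which host-based principals need a DNS or mapping fix before the dump is converted.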