From jhawk@MIT.EDU Sat Oct 5 18:51:22 1996
Received: from MIT.EDU (SOUTH-STATION-ANNEX.MIT.EDU [18.72.1.2]) by rt-11.MIT.EDU (8.7.5/8.7.3) with SMTP id SAA29284 for ; Sat, 5 Oct 1996 18:51:21 -0400
Received: from STEVE-DALLAS.MIT.EDU by MIT.EDU with SMTP id AA21475; Sat, 5 Oct 96 18:51:20 EDT
Received: by steve-dallas.MIT.EDU (940816.SGI.8.6.9/4.7) id SAA15335; Sat, 5 Oct 1996 18:51:20 -0400
Message-Id: <199610052251.SAA15335@steve-dallas.MIT.EDU>
Date: Sat, 5 Oct 1996 18:51:20 -0400
From: jhawk@bbnplanet.com
Reply-To: jhawk@MIT.EDU
To: krb5-bugs@MIT.EDU
Subject: kdb5_util doesn't create policy db with -old

>Number: 62
>Category: krb5-admin
>Synopsis: kdb5_util doesn't create policy db with -old
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: bjaspan
>State: closed
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Sat Oct e 18:52:00 EDT 1996
>Last-Modified: Tue Oct e 13:40:46 EDT 1996
>Originator: John Hawkinson
>Organization: BBN Planet
>Release: beta-7
>Environment:
System: SunOS all-purpo 4.1.4 4 sun4m
Architecture: sun4
>Description:
Creating a database with "kdb5_util load -old mumble" fails to create the admin policy database.
>How-To-Repeat:
Run:
	kdb5_util load -old mumble
Then try to use kadmind. Watch it fail.
>Fix:
>Audit-Trail:

From: "Barry Jaspan"
To: jhawk@MIT.EDU
Cc: krb5-bugs@MIT.EDU
Subject: Re: krb5-admin/62: kdb5_util doesn't create policy db with -old
Date: Mon, 7 Oct 1996 17:34:49 -0400

I'm not sure why this isn't working in the beta 7 release, but in the current development sources it breaks for another reason: admin_dbname can no longer be specified independently, but load_db assumes it can. I'll fix this; I'm appending this note as a reminder.

From: "Barry Jaspan"
To: jhawk@MIT.EDU
Cc: krb5-bugs@MIT.EDU
Subject: Re: krb5-admin/62: kdb5_util doesn't create policy db with -old
Date: Tue, 8 Oct 1996 13:06:11 -0400

John,

Your bug report says that "kdb5_util load -old" fails to create the admin policy database. Now that I think about it, I believe the problem is that you think load is supposed to do something it is not supposed to do.

kdb5_util load is not the same as kdb5_util create with initial data. kdb5_util load loads a dump file into an *existing* database. Thus, you must always perform a kdb5_util create on a machine before you can run kdb5_util load. The kdb5_util create will create an empty policy database.

If you want to transfer an existing, old database to the new system, you need to:

	kdb5_edit dump dump-file
	kdb5_util create
	kdb5_util load dump-file

Does this make sense?

Barry

From: John Hawkinson
To: krb5-bugs@MIT.EDU
Cc:
Subject: Re: krb5-admin/62
Date: Tue, 8 Oct 1996 13:24:25 -0400 (EDT)

From -i watchmaker.

Auth: yes Time: 13:08:26 Date: Tue Oct 8 1996 Host: dun-dun-noodles
From: Barry Jaspan

Yes. I see in your other kdb5_util bug report that you discovered create is a pre-req for load.

Auth: yes Time: 13:09:08 Date: Tue Oct 8 1996 Host: all-purpose-gunk.near.net
From: John Hawkinson

It varies. That was my initial assumption. But Ted suggested I load without creation. The problem with just creating is that requires me to know K/M for the old database, and I consider that an unreasonable requirement.

Auth: yes Time: 13:10:11 Date: Tue Oct 8 1996 Host: dun-dun-noodles
From: Barry Jaspan

Hmmm. Create, use a dummy K/M pw, and copy the old stash file? The load semantics will get more complicated if it has to support being create, also.

Auth: yes Time: 13:11:22 Date: Tue Oct 8 1996 Host: dun-dun-noodles
From: Barry Jaspan

... although I suppose "create the policy db if it does not exist" would not be such a complication.

Auth: yes Time: 13:11:41 Date: Tue Oct 8 1996 Host: all-purpose-gunk.near.net
From: John Hawkinson

Eh? This works fine if create is only being used to instantiate the admin policy database, and nothing in the admin policy database is encrypted with K/M. That seems to be the current state, but it is hardly intuitive. I suppose you could document it as the prescribed workaround. I would rather see either:

1) kdb_util load creates the admin policy database
2) kdb_util create can read a stash file

State-Changed-From-To: open-closed
State-Changed-By: bjaspan
State-Changed-When: Tue Oct 8 13:38:53 1996
State-Changed-Why:
kdb5_util load now handles policy databases much more cleanly overall, and will create a policy database if it does not already exist when the user loads an old dump file. This PR is related to but not exactly identical to krb5-admin/58.

Files:
lib/kadm5/ChangeLog:1.7
kadmin/dbutil/ChangeLog:1.22
>Unformatted: