Content-Type: text/plain Content-Disposition: inline Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.411 (Entity 5.404) X-RT-Original-Encoding: iso-8859-1 Content-Length: 4089 From peter@eden.com Thu Jan 16 00:26:06 1997 Received: from MIT.EDU (PACIFIC-CARRIER-ANNEX.MIT.EDU [18.69.0.28]) by rt-11.MIT.EDU (8.7.5/8.7.3) with SMTP id AAA22271 for ; Thu, 16 Jan 1997 00:26:05 -0500 Received: from natashya.eden.com by MIT.EDU with SMTP id AA14745; Thu, 16 Jan 97 00:26:05 EST Received: from levitron.pcj.com (peter@net-7-197.austin.eden.com [206.81.226.197]) by natashya.eden.com (8.8.3/8.8.1) with ESMTP id XAA27383 for ; Wed, 15 Jan 1997 23:26:01 -0600 (CST) Received: (from peter@localhost) by levitron.pcj.com (8.8.4/8.7.3) id XAA01111; Wed, 15 Jan 1997 23:25:58 -0600 Message-Id: <199701160525.XAA01111@levitron.pcj.com> Date: Wed, 15 Jan 1997 23:25:58 -0600 From: Peter Jensen Reply-To: peter@eden.com To: krb5-bugs@MIT.EDU Subject: Unclear instructions for loading v4 dumps X-Send-Pr-Version: 3.99 >Number: 345 >Category: krb5-doc >Synopsis: Info on loading v4 db dumps doesn't work; bad error message in kdb5_util >Confidential: no >Severity: non-critical >Priority: medium >Responsible: krb5-unassigned >State: open >Class: doc-bug >Submitter-Id: unknown >Arrival-Date: Thu Jan 16 00:27:01 EST 1997 >Last-Modified: >Originator: Peter Jensen >Organization: LBJ High School >Release: 1.0 >Environment: System: AIX 9507C-UP Bonnie 1 4 000000383000 >Description: The instructions given in krb425.texinfo for loading and converting a v4 database don't work without some modification. It is possible to load a v4 database, but you must first have created a v5 stash file or specify a command line option (-K) for kdb5_util load_v4. This isn't mentioned in the krb425.texinfo docs, and the error message that kdb5_util gives you when you don't have a v5 stash file isn't very descriptive. The instructions for upgrading the master KDC say: 1. Install Kerberos V5 on each KDC, according to the instructions in the Kerberos V5 Installation Guide, up to the point where it tells you to create the database. 2. [kill v4 kadmind] 3. [dump the v4 database] 4. Load the V4 dump into a Kerberos V5 database, by issuing the command: % kdb5_util load_v4 v4-dump 5. Create a Kerberos V5 stash file, if desired, by issuing the command: % kdb5_util stash This tells you not to create a v5 database before loading the v4, which makes sense because it will be trashed by the load. The problem is that the load_v4 dies without a v5 stash file or the -K option, neither of which is mentioned in the krb425 documentation. Thus, when krb425.texinfo tells you to do "kdb5_util load_v4 v4-dump" you don't have a v5 stash file anywhere and it dies with the following error message: "master key name 'K/M@LBJHS.AUSTIN.ISD.TENET.EDU' load_v4: Cannot find/read stored master key while reading master key" This message should make it clearer that it can't find a v5 master key. I thought that it was having trouble reading the v4 master key until I got Sam Hartman to look at it for me, and he knew enough of the actual process to find the easy and proper fixes (mentioned in Fix: section). >How-To-Repeat: -get a v4 database, and dump it with "kdb_util dump v4-dump" -make sure that there is no v5 stash file, to simulate a new install. -try to "kdb5_util load_v4 v4-dump". >Fix: Sam's first fix was to "kdb5_util create -s" a database and then "kdb5_util destroy" it, leaving the stash file there. The "kdb5_util load_v4 v4-dump" went fine then. Another (preferable) fix is to specify the -K option on the kdb5_util load_v4 command line: % kdb5_util load_v4 -K v4-dump would prompt you for the new master key and then run sucessfully. Can someone mentioned the AIX4/PTY problems? Those get kinda annoying. ;) Thanks for providing a great product; I'm looking forward to trying out all of v5's new features. The problems with the PTY code crashing AIX4 are quite annoying, but we're just running v4 klogind on our two AIX4 machines. Thanks, Peter >Audit-Trail: >Unformatted: