Skip Menu |
 

Download (untitled) / with headers
text/plain 3.9KiB
From peter@eden.com Thu Jan 16 00:26:06 1997
Received: from MIT.EDU (PACIFIC-CARRIER-ANNEX.MIT.EDU [18.69.0.28]) by rt-11.MIT.EDU (8.7.5/8.7.3) with SMTP id AAA22271 for <bugs@RT-11.MIT.EDU>; Thu, 16 Jan 1997 00:26:05 -0500
Received: from natashya.eden.com by MIT.EDU with SMTP
id AA14745; Thu, 16 Jan 97 00:26:05 EST
Received: from levitron.pcj.com (peter@net-7-197.austin.eden.com [206.81.226.197]) by natashya.eden.com (8.8.3/8.8.1) with ESMTP id XAA27383 for <krb5-bugs@mit.edu>; Wed, 15 Jan 1997 23:26:01 -0600 (CST)
Received: (from peter@localhost) by levitron.pcj.com (8.8.4/8.7.3) id XAA01111; Wed, 15 Jan 1997 23:25:58 -0600
Message-Id: <199701160525.XAA01111@levitron.pcj.com>
Date: Wed, 15 Jan 1997 23:25:58 -0600
From: Peter Jensen <peter@eden.com>
Reply-To: peter@eden.com
To: krb5-bugs@MIT.EDU
Subject: Unclear instructions for loading v4 dumps
X-Send-Pr-Version: 3.99

Show quoted text
>Number: 345
>Category: krb5-doc
>Synopsis: Info on loading v4 db dumps doesn't work; bad error message in kdb5_util
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: krb5-unassigned
>State: open
>Class: doc-bug
>Submitter-Id: unknown
>Arrival-Date: Thu Jan 16 00:27:01 EST 1997
>Last-Modified:
>Originator: Peter Jensen
>Organization:
LBJ High School
Show quoted text
>Release: 1.0
>Environment:

System: AIX 9507C-UP Bonnie 1 4 000000383000
Show quoted text
>Description:
The instructions given in krb425.texinfo for loading and converting a v4
database don't work without some modification. It is possible to load a
v4 database, but you must first have created a v5 stash file or specify a
command line option (-K) for kdb5_util load_v4. This isn't mentioned in the
krb425.texinfo docs, and the error message that kdb5_util gives you when you
don't have a v5 stash file isn't very descriptive.

The instructions for upgrading the master KDC say:
1. Install Kerberos V5 on each KDC, according to the instructions in
the Kerberos V5 Installation Guide, up to the point where it tells
you to create the database.
2. [kill v4 kadmind]
3. [dump the v4 database]
4. Load the V4 dump into a Kerberos V5 database, by issuing the
command:
% kdb5_util load_v4 v4-dump
5. Create a Kerberos V5 stash file, if desired, by issuing the
command:
% kdb5_util stash

This tells you not to create a v5 database before loading the v4, which
makes sense because it will be trashed by the load. The problem is that the
load_v4 dies without a v5 stash file or the -K option, neither of which is
mentioned in the krb425 documentation.

Thus, when krb425.texinfo tells you to do "kdb5_util load_v4 v4-dump" you
don't have a v5 stash file anywhere and it dies with the following error
message:
"master key name 'K/M@LBJHS.AUSTIN.ISD.TENET.EDU'
load_v4: Cannot find/read stored master key while reading master key"

This message should make it clearer that it can't find a v5 master key. I
thought that it was having trouble reading the v4 master key until I got Sam
Hartman to look at it for me, and he knew enough of the actual process to
find the easy and proper fixes (mentioned in Fix: section).
Show quoted text
>How-To-Repeat:
-get a v4 database, and dump it with "kdb_util dump v4-dump"
-make sure that there is no v5 stash file, to simulate a new install.
-try to "kdb5_util load_v4 v4-dump".
Show quoted text
>Fix:
Sam's first fix was to "kdb5_util create -s" a database and then "kdb5_util
destroy" it, leaving the stash file there. The "kdb5_util load_v4 v4-dump"
went fine then. Another (preferable) fix is to specify the -K option on the
kdb5_util load_v4 command line:
% kdb5_util load_v4 -K v4-dump
would prompt you for the new master key and then run sucessfully.

Can someone mentioned the AIX4/PTY problems? Those get kinda annoying. ;)
Thanks for providing a great product; I'm looking forward to trying out all
of v5's new features. The problems with the PTY code crashing AIX4 are quite
annoying, but we're just running v4 klogind on our two AIX4 machines.
Thanks,
Peter
Show quoted text
>Audit-Trail:
>Unformatted: