Skip Menu |
 

Download (untitled) / with headers
text/plain 4.8KiB
From jhawk@MIT.EDU Sat Oct 5 18:51:22 1996
Received: from MIT.EDU (SOUTH-STATION-ANNEX.MIT.EDU [18.72.1.2]) by rt-11.MIT.EDU (8.7.5/8.7.3) with SMTP id SAA29284 for <bugs@RT-11.MIT.EDU>; Sat, 5 Oct 1996 18:51:21 -0400
Received: from STEVE-DALLAS.MIT.EDU by MIT.EDU with SMTP
id AA21475; Sat, 5 Oct 96 18:51:20 EDT
Received: by steve-dallas.MIT.EDU (940816.SGI.8.6.9/4.7) id SAA15335; Sat, 5 Oct 1996 18:51:20 -0400
Message-Id: <199610052251.SAA15335@steve-dallas.MIT.EDU>
Date: Sat, 5 Oct 1996 18:51:20 -0400
From: jhawk@bbnplanet.com
Reply-To: jhawk@MIT.EDU
To: krb5-bugs@MIT.EDU
Subject: kdb5_util doesn't create policy db with -old

Show quoted text
>Number: 62
>Category: krb5-admin
>Synopsis: kdb5_util doesn't create policy db with -old
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: bjaspan
>State: closed
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Sat Oct e 18:52:00 EDT 1996
>Last-Modified: Tue Oct e 13:40:46 EDT 1996
>Originator: John Hawkinson
>Organization:
BBN Planet
Show quoted text
>Release: beta-7
>Environment:
System: SunOS all-purpo 4.1.4 4 sun4m
Architecture: sun4

Show quoted text
>Description:

Creating a database with "kdb5_util load -old mumble"
fails to create the admin policy database.

Show quoted text
>How-To-Repeat:

Run:
kdb5_util load -old mumble

Then try to use kadmind. Watch it fail.

Show quoted text
>Fix:

Show quoted text
>Audit-Trail:

From: "Barry Jaspan" <bjaspan@MIT.EDU>
To: jhawk@MIT.EDU
Cc: krb5-bugs@MIT.EDU
Subject: Re: krb5-admin/62: kdb5_util doesn't create policy db with -old
Date: Mon, 7 Oct 1996 17:34:49 -0400

I'm not sure why this isn't working in the beta 7 release, but in the
current development sources it breaks for another reason: admin_dbname
can no longer be specified independently, but load_db assumes it can.
I'll fix this; I'm appending this note as a reminder.


From: "Barry Jaspan" <bjaspan@MIT.EDU>
To: jhawk@MIT.EDU
Cc: krb5-bugs@MIT.EDU
Subject: Re: krb5-admin/62: kdb5_util doesn't create policy db with -old
Date: Tue, 8 Oct 1996 13:06:11 -0400

John,

Your bug report says that "kdb5_util load -old" fails to create the
admin policy database. Now that I think about it, I believe the
problem is that you think load is supposed to do something it is not
supposed to do.

kdb5_util load is not the same as kdb5_util create with initial data.
kdb5_util load loads a dump file into an *existing* database. Thus,
you must always perform a kdb5_util create on a machine before you can
run kdb5_util load. The kdb5_util create will create an empty policy
database.

If you want to transfer an existing, old database to the new system,
you need to:

kdb5_edit dump dump-file
kdb5_util create
kdb5_util load dump-file

Does this make sense?

Barry


From: John Hawkinson <jhawk@bbnplanet.com>
To: krb5-bugs@MIT.EDU
Cc: Subject: Re: krb5-admin/62
Date: Tue, 8 Oct 1996 13:24:25 -0400 (EDT)

From -i watchmaker.

Auth: yes Time: 13:08:26 Date: Tue Oct 8 1996 Host: dun-dun-noodles
From: Barry Jaspan <bjaspan>

Yes.

I see in your other kdb5_util bug report that you discovered create is a
pre-req for load.

Auth: yes Time: 13:09:08 Date: Tue Oct 8 1996 Host: all-purpose-gunk.near.net
From: John Hawkinson <jhawk>

It varies.
That was my initial assumption.
But Ted suggested I load without creation.
The problem with just creating is that requires me to know K/M for the
old database, and I consider that an unreasonable requirement.

Auth: yes Time: 13:10:11 Date: Tue Oct 8 1996 Host: dun-dun-noodles
From: Barry Jaspan <bjaspan>

Hmmm. Create, use a dummy K/M pw, and copy the old stash file?

The load semantics will get more complicated if it has to support being
create, also.

Auth: yes Time: 13:11:22 Date: Tue Oct 8 1996 Host: dun-dun-noodles
From: Barry Jaspan <bjaspan>

... although I suppose "create the policy db if it does not exist"
would not be such a complication.

Auth: yes Time: 13:11:41 Date: Tue Oct 8 1996 Host: all-purpose-gunk.near.net
From: John Hawkinson <jhawk>

Eh? This works fine if create is only being used to instantiate the admin
policy database, and nothing in the admin policy database is encyrpted
with K/M. That seems to be the current state, but it is hardly intuitive.
I suppose you could document it as the prescribed workaround.
I would rather see either:

1) kdb_util load creates the admin policy database
2) kdb_util create can read a stash file

State-Changed-From-To: open-closed
State-Changed-By: bjaspan
State-Changed-When: Tue Oct 8 13:38:53 1996
State-Changed-Why:

kdb5_util load now handles policy databases much more cleanly overall,
and will create a policy database if it does not already exist when
the the user loads an old dump file.

This PR is related to but not exactly identical to krb5-admin/58.

Files:

lib/kadm5/ChangeLog:1.7
kadmin/dbutil/ChangeLog:1.22

Show quoted text
>Unformatted: