-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 We are having recurrent problems with kadmind not being able to lock the kerberos database. Here is an example:
This is from my kadmin client: $ /usr/sbin/kadmin Authenticating as principal natejohn/[EMAIL PROTECTED] with password. Password for natejohn/[EMAIL PROTECTED]: kadmin: delprinc smtp/<fqdn>@IU.EDU Are you sure you want to delete the principal "smtp/<fqdn>@IU.EDU"? (yes/no): yes delete_principal: Unknown code adb 10 while deleting principal "smtp/<fqdn>@IU.EDU" This is from the master kdc's logs: Sep 17 15:11:20 <kdc> kadmind[5951]: Request: kadm5_randkey_principal, smtp/<fqdn>@IU.EDU, Cannot lock database, client=natejohn/[EMAIL PROTECTED], service=kadmin/[EMAIL PROTECTED], addr=<ip address> In the past we have seen the entropy pool dry up on the master kdc, and have thought that it was the problem, but this morning /proc/sys/kernel/random/entropy_avail hovered steadily around 8192 during the period we were having problems. The only solution we've found so far is to reboot the master kdc. We have a system of redundant kdc's so this doesn't interrupt normal transactions, but is clearly not an ideal solution. I'd be happy to file a bug report if that's needed. Please advise, Thanks, Nate Johnson - -- * Nate Johnson, Lead Security Engineer, GCIH * University Information Security Office, Indiana University -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.7 (GNU/Linux) iD8DBQFG7qFcGQUVGJudcw4RAuIuAJ0QfAnexEP6+Rshb5JKkoviAHAEnACfSdzU h3+cXno/gpl9FC9k5YGuWcQ= =N2Xa -----END PGP SIGNATURE----- ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
