[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

DB corruption(?) causing "add" failures

If this doesn't ring a bell, anyone got any suggestions?

We've got a test script that does a bunch of kadmin add operations.   
Some of the add's fail.

We start with a database (imported from a kaserver, mostly) of 14,000  
principals.  Then we start adding new ones.  About 1000 add's in we get  
a block of about 10 failures.  Thereafter we get new blocks of failures  
every few hundred or so.  A failure to create a principal is thereafter  
repeatable.  You can't add a principal with that name.

The failure does not go away even if you dump, erase, and reload the  
whole database.  An error with an unrelated principal is reported  
during the restore:
> kadmin> load dumpfile.o
> dumpfile.o:18710:error parsing keys (1)
> kadmin>
which goes away if you delete the relevant line. Sorting the text dump  
has no effect, but it does change which principal is reported as  
erroneous on restore.

Original error:
> kadmin> add <...options...> testuser01510
> kadmin> add <...options...> testuser01511
> kadmin: kadm5_create_principal: <unknown error>
> kadmin: adding testuser01511: <unknown error>
> kadmin> ...
Retrying the add for testuser01511 gives the same error.  Retrying  
after a dump/restore gives:
> kadmin> add <...options...> testuser01511
> kadmin: kadm5_create_principal: encryption type pw-salt not supported
> kadmin: adding testuser01511: Unknown error
> kadmin>
Since I know someone will ask, the default keys line is:
>         default_keys = v4 des:afs3-salt:jpl.nasa.gov des3:pw-salt  
> arcfour-hmac-md5:pw-salt aes256-cts-hmac-sha1-96:pw-salt
This is Heimdal 0.6.3, kth-krb-1.3rc1, openssl 0.9.7d, Berkeley db  
3.3.11 Solaris 9.
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu