[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: hprop problem with krb4-db database



Love, all

First and foremost, thanks for the patience of helping me through
this. Obviously, I've never done this before, so I might do some
rookie mistakes..

On 11/3/05, Love Hörnquist Åstrand <lha@kth.se> wrote:

> > However, hprop is a bit more cooperating if the dabase is given in
> > ASCII format (i.e. "krb4-dump" format):
>
> Since you say this, I wont comment on the problem above.

Well, this doesn't answer the question on why the above error occurs,
but still. Moving on.


> > [...]
> > root@florians:/var/lib/heimdal-kdc# hprop -d ./slave_dump
> > --source=krb4-dump -n > /tmp/test
> > hprop: krb5_425_conv_principal rcmd.server1@MY.REALM: Failed to
> > convert v4 principal
>
> It tries to do mapping between the service name "rcmd.server1" that is the
> kerberos4 style name to the FQDN host/service1.example.org@MY.REALM", but
> since the machine can't be found in dns or the [domain_realm] mapping file,
> it failes. Check if the machine is does exists, and if it does, that the
> FQDN is and why it hprop can't resolve the address in KDC.

Got that, will fix and/or recreate those principals in the new
database (no biggie). However, I have a bigger problem

First, I manually removed from that krb4-dump file  all "rcmd..."  
other "questionable"/already existing principals (e.g.  "changepw",
"krbtgt", etc). Btw, do I really need to remove them manually ??
Anyway. I tried the procedure below both with and without those
principals in the dump, with same result.

After "cleaning" the dump, when trying to importing the resulting
krb4-dump my resulting principal database becomes garbled:

root@florians:/var/lib/heimdal-kdc# kinit oteflo0507/admin
oteflo0507/admin@IPSC.SECODE.COM's Password:
kinit: NOTICE: ticket renewable lifetime is 1 week

root@florians:/var/lib/heimdal-kdc# klist
Credentials cache: FILE:/tmp/krb5cc_0
        Principal: oteflo0507/admin@MY.REALM.COM

  Issued           Expires          Principal
Nov  4 10:27:51  Nov  4 20:27:51  krbtgt/MY.REALM.COM@MY.REALM.COM
Nov  4 10:27:51  Nov  4 20:27:51  krbtgt/MY.REALM.COM@MY.REALM.COM
Nov  4 10:28:21  Nov  4 11:28:21  kadmin/admin@MY.REALM.COM

   V4-ticket file: /tmp/tkt0
        Principal: oteflo0507.admin@MY.REALM.COM

  Issued           Expires          Principal
Nov  4 10:27:51  Nov  4 20:27:51  krbtgt.MY.REALM.COM@MY.REALM.COM


root@florians:/var/lib/heimdal-kdc# kadmin list */*
  kadmin/admin@MY.REALM.COM
  kadmin/hprop@MY.REALM.COM
  kadmin/changepw@MY.REALM.COM
  oteflo0507/admin@MY.REALM.COM
  changepw/kerberos@MY.REALM.COM
  krbtgt/MY.REALM.COM@MY.REALM.COM
  host/host1.my.domain.com@MY.REALM.COM
  host/host2.my.domain.com@MY.REALM.COM
  hprop/host1.my.domain.com@MY.REALM.COM
  hprop/host2.my.domain.com@MY.REALM.COM


root@florians:/var/lib/heimdal-kdc# hprop -n -d ./slave_dump.working2
--source=krb4-dump --master-key=./.k   | hpropd -n

root@florians:/var/lib/heimdal-kdc# kadmin list */*
kadmin: kadm5_get_principals: Key table entry not found

kadmin> root@florians:/var/lib/heimdal-kdc# kadmin -l
kadmin> list */*
kadmin: get K/M@MY.REALM.COM: Invalid argument
kadmin: get afs/neon@MY.REALM.COM: Invalid argument
kadmin: get httpd/host3@MY.REALM.COM: Invalid argument
kadmin: get tobbe/root@MY.REALM.COM: Invalid argument
kadmin: get httpd/host4@MY.REALM.COM: Invalid argument
kadmin: get httpd/host5@MY.REALM.COM: Invalid argument
kadmin: get tobbe/admin@MY.REALM.COM: Invalid argument
kadmin: get httpd/host1@MY.REALM.COM: Invalid argument
kadmin: get httpd/host6@MY.REALM.COM: Invalid argument
kadmin: get httpd/host7@MY.REALM.COM: Invalid argument
kadmin: get httpd/host8@MY.REALM.COM: Invalid argument
kadmin: get httpd/host2@MY.REALM.COM: Invalid argument
kadmin: get httpd/hosst9@MY.REALM.COM: Invalid argument
kadmin: get backup/host10@MY.REALM.COM: Invalid argument
kadmin: get httpd/host11@MY.REALM.COM: Invalid argument
kadmin: get user1/root@MY.REALM.COM: Invalid argument
kadmin: get user2/root@MY.REALM.COM: Invalid argument
kadmin: get user3/root@MY.REALM.COM: Invalid argument
kadmin: get user4/root@MY.REALM.COM: Invalid argument
kadmin: get user5/admin@MY.REALM.COM: Invalid argument
kadmin: get user6/admin@MY.REALM.COM: Invalid argument
...

root@florians:/var/lib/heimdal-kdc# kdestroy

root@florians:/var/lib/heimdal-kdc# kinit oteflo0507/admin
oteflo0507/admin@MY.REALM.COM's Password:
kinit: Can't send request (send_to_kdc)
kinit: krb5_get_init_creds: unable to reach any KDC in realm IPSC.SECODE.COM


Thanks again for any help