>We have a setup where the kerberos database (db2) is hosted on an NFS
>server. There are multiple KDC servers each mounting the NFS share and
>serving traffic.

I have to say up front that it is generally agreed that putting any database file on an NFS filesystem is a bad idea. Also, it kind of sounds like your multiple KDCs are serving the SAME database file? If so, THAT is a huge problem!

>>kdb5_util: Cannot open DB2 database
>'/var/kerberos/krb5kdc_shared/principal~': Invalid
>argument while deleting
>bad database /var/kerberos/krb5kdc_shared/principal

I am looking at newer Kerberos code, so perhaps this has changed, but that error comes from krb5_db_destroy() failing. For DB2, that ends up calling krb5_db2_destroy(). That function does a lot of things, and it's hard at a glance to figure out which part of it is failing; I suspect the only way to figure out what is going wrong there is to build a version of Kerberos with full debugging symbols and set a breakpoint on krb5_db2_destroy().

I have a strong suspicion that the database file is getting corrupted in such a way that the other routines cannot recover, and that's likely due to the use of NFS (especially if multiple KDCs are using the same database file).

--Ken

________________________________________________
Kerberos mailing list
Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos