> Date: Thu, 26 Jun 2003 14:19:33 -0600 (MDT) > From: "N. Leenders" <[EMAIL PROTECTED]> > X-X-Sender: [EMAIL PROTECTED] > To: [EMAIL PROTECTED] > Message-ID: <[EMAIL PROTECTED]> > Content-Type: TEXT/PLAIN; charset=US-ASCII > Subject: teething pains > > > Hi, > I'm new to this list and to setting up kerberos and am running into some > problems. > > When running kadmin.local, while cleaning up some of the test principals > I'd set up, I also removed "K/[EMAIL PROTECTED]", not realizing that the > system had put it there. Since then, I haven't been able to run > kadmin.local: > > [EMAIL PROTECTED] root]# kadmin.local > Authenticating as principal root/[EMAIL PROTECTED] with password. > kadmin.local: Cannot find master key record in database while initializing > kadmin.local interface > > So I tried destroying the database so I could start over: > [EMAIL PROTECTED] root]# kdb5_util destroy > kdb5_util: No such entry in the database while retrieving master entry > > And it didn't work to try creating a new one either: > [EMAIL PROTECTED] root]# kdb5_util create -r NIC.UALBERTA.CA -s > create: The database '/var/kerberos/krb5kdc/principal' appears to already > exist > > What else can I try? > Thx, Nadine > > ________________________________________________ > Kerberos mailing list [EMAIL PROTECTED] > https://mailman.mit.edu/mailman/listinfo/kerberos >
If you are *really* sure you want to start over, something like this should work: # cd /var/kerberos/krb5kdc # ls -lastn total 138 80 -rw------- 1 25131 10 40960 Jun 23 16:48 principal 0 -rw------- 1 25131 10 0 Jun 23 16:48 principal.ok 2 drwxr-xr-x 14 0 2 512 Mar 25 03:51 .. 48 -rw------- 1 25131 10 1049088 Mar 25 02:34 principal.kadm5 2 drwxr-xr-x 2 25131 10 512 Mar 10 2001 . 2 -rw------- 1 25131 10 137 Mar 10 2001 kadm5.keytab 2 -rw-r--r-- 1 25131 10 130 Mar 10 2001 kadm5.acl 2 -rw------- 1 25131 10 26 Mar 10 2001 .k5.NIC.UALBERTA.CA 0 -rw------- 1 25131 10 0 Mar 10 2001 principal.kadm5.lock # rm -i * .* rm: remove kadm5.acl (yes/no)? n rm: remove kadm5.keytab (yes/no)? yes rm: remove principal (yes/no)? yes rm: remove principal.kadm5 (yes/no)? yes rm: remove principal.kadm5.lock (yes/no)? yes rm: remove principal.ok (yes/no)? yes rm of . is not allowed rm of .. is not allowed rm: remove .k5.NIC.UALBERTA.CA (yes/no)? yes # ie, get rid of every file *but* your acl file. You might have more than one acl file (kpropd.acl?), and you might also have a kdc.conf file -- leave those as well. Perhaps best to make a tar file if you aren't quite sure, just in case. But most of this stuff is created as part of your installation process, and has to be in sync with other parts, so you want to get rid of it to start over. Don't forget to kill any running k5 daemons first, if you have any left. Note; if you have a stash file, *in theory*, you could recreate K/M . Most likely you'd have to write a C program to do this, after learning a certain amount about the lower level kdb routines in MIT k5. This is almost certainly not what you want to do in this case, but if you had a real database which you had somehow neglected to back up, you might find it was worth the pain. Tell Bob Beck I said "hi", if you want. -Marcus Watts UM ITCS Umich Systems Group ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos