Your message dated Tue, 09 Jun 2020 14:48:43 +0000 with message-id <e1jifyr-0001hr...@fasolo.debian.org> and subject line Bug#962522: fixed in krb5 1.17-10 has caused the Debian Bug report #962522, regarding libkadm5srv-mit11: krb5 admin programs are unable to find master key stash to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 962522: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962522 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: libkadm5srv-mit11 Version: 1.17-9 Severity: important Upgrade to 1.17-9 broke my Kerberos configuration. At first I got an error about missing database (see #962519). Downgrading all packages with krb5 in their name back to 1.17-7 allowed me to start the KDC again, restoring user logins, but the admin server and other administrative programs started giving a different error: Jun 9 11:05:51 capybara kadmind[28039]: Can not fetch master key (error: No such file or directory). while initializing, aborting After puttering about for a while I finally discovered that there were two other library packages from the krb5 source package, this one and the clnt variant. Downgrading those allowed the admin server to start as well. It seems that something in either 1.17-8 or 1.17-9 completely broke configuration handling. In strace of the broken version I can see that it first opens and reads the correct configuration file in /etc, but then tries to stat /var/krb5kdc/kdc.conf and discovers it does not exist: stat("/etc/krb5kdc/kdc.conf", {st_mode=S_IFREG|0644, st_size=849, ...}) = 0 openat(AT_FDCWD, "/etc/krb5kdc/kdc.conf", O_RDONLY) = 3 read(3, "[libdefaults]\n\tdefault_realm = T"..., 4096) = 245 close(3) = 0 stat("/var/krb5kdc/kdc.conf", 0x7fff1257d200) = -1 ENOENT (No such file or directory) It then goes on to trying to open the master key stash at the default location and reports the error when that does not exist: openat(AT_FDCWD, "/var/krb5kdc/.k5.MY.REALM", O_RDONLY) = -1 ENOENT (No such file or directory) write(2, "kadmind: Can not fetch master ke"..., 99) = 99 The working version uses /etc/krb5kdc/kdc.conf throughout and finds the correct master key stash. -- System Information: Debian Release: bullseye/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (500, 'oldstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 5.4.35-core2-server (SMP w/8 CPU cores) Kernel taint flags: TAINT_OOT_MODULE Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8), LANGUAGE=en_US.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: sysvinit (via /sbin/init)
--- End Message ---
--- Begin Message ---Source: krb5 Source-Version: 1.17-10 Done: Sam Hartman <hartm...@debian.org> We believe that the bug you reported is fixed in the latest version of krb5, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 962...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Sam Hartman <hartm...@debian.org> (supplier of updated krb5 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Tue, 09 Jun 2020 09:52:34 -0400 Source: krb5 Architecture: source Version: 1.17-10 Distribution: unstable Urgency: low Maintainer: Sam Hartman <hartm...@debian.org> Changed-By: Sam Hartman <hartm...@debian.org> Closes: 962522 Changes: krb5 (1.17-10) unstable; urgency=low . * Also set localstatedir to be consistent with old builds, Closes: #962522 * Include journalctl dump from krb5kdc tests so we can figure out why ppc tests are breaking. Checksums-Sha1: 9f4d1b7d22f355e60db028d91ddc4fef2939c240 3187 krb5_1.17-10.dsc 94d683a1d6222276d3b7c02a72c02097a33ed09f 143852 krb5_1.17-10.debian.tar.xz 5162035b6e7b8eb60f25ae2e07d543ee6b78fdd4 5482 krb5_1.17-10_source.buildinfo Checksums-Sha256: 1ce061fc29b4c1d12c46c07d7a1fc2a16ed026ed5d7bd3e639483bdc27a2007f 3187 krb5_1.17-10.dsc 6d3cefcea2e4839cc3c5e518083048b8eae62a4bc707db05c1900c5bddafa7f5 143852 krb5_1.17-10.debian.tar.xz 70fe0f6bb2f1409ffb0ff781b66917f6fa9d372ef77723fe1d0217da322f9195 5482 krb5_1.17-10_source.buildinfo Files: dc67b1c90755f0430901b905c3e15fcc 3187 net optional krb5_1.17-10.dsc 767afa7ff946b3e770988458b8f5dd82 143852 net optional krb5_1.17-10.debian.tar.xz 705795d7c1ca77c761b1aea0e16b572b 5482 net optional krb5_1.17-10_source.buildinfo -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEE9Li3nMNy++OFgPTCQe7SUh/WssoFAl7fnBAACgkQQe7SUh/W ssoewgf/dEAwSpxFt5smSwpoXcNKVNp0dxffH8TY8qjG62y3eNLTeN5QgNhlY31z lFrh+B1ZVqV/BGJ86gDTf8do8aLGL/ee0488tR79hO89+g1rSu6YeuuyPAdLu718 UUL4uC5eSld7rZJHYOH7/2rTGT9TBo5u2uwWjWRuWu/daJkGvtM+dsWuty0h3Scw qMHl7AUot3wycD9bAg8Gz4cRBS8I/nT2UjT6hybVkkrH5hdgz8aS6s4TgHW695aJ tPKMwm7qAvdaH3btefcXXcj9CoIJlPC43UOa7w3kbrBAwCI2y4ofztuCYBYYcPl6 36lqLBPSelfRSEuRMauGuvo8nuJ72Q== =gBxm -----END PGP SIGNATURE-----
--- End Message ---
