On Thu, Jan 22, 2009 at 03:03:44PM -0800, Russ Allbery wrote: > Markus Koeberl <markus.koeb...@tugraz.at> writes: > > On Thursday 22 January 2009 20:36:24 Russ Allbery wrote: > > >> Does the database already exist on the slave? > > > No the database does not exist. The directory /var/lib/krb5kdc is > > empty. After running the commands there are the following entries: > > ~# ls -l /var/lib/krb5kdc/ > > total 472 > > -rw------- 1 root root 261582 Jan 22 22:43 from_master > > -rw------- 1 root root 8192 Jan 22 22:43 principal > > -rw------- 1 root root 188416 Jan 22 22:43 principal~ > > -rw------- 1 root root 8192 Jan 22 22:43 principal~.kadm5 > > -rw------- 1 root root 0 Jan 22 22:43 principal~.kadm5.lock > > -rw------- 1 root root 0 Jan 22 2009 principal~.ok > > > > I have compared the configuration several times with an kdc running on > > etch. But I cannot find a difference. On a etch machine deleting the > > entries of /var/lib/krb5kdc and running the commands works fine. > > Yeah, that's the problem. It's a known bug in MIT Kerberos 1.6. If you > create an empty database with kdb5_util, the propagation will then work > correctly, but it won't cope with not having a database at all. > > It will presumably be fixed in a later release, but as there isn't an > upstream fix yet (so far as I know) I'm afraid lenny is likely to release > with that problem. :/
I noticed this problem with a 1.6 slave, and can confirm that it does not occur with a 1.8 slave (based on 1.8.3+dfsg~beta1-1, backported to lenny). I'd set a Fixed: version, but I'm not certain where the source change is so don't know the exact version I'd put there. Let me know if I can provide any more details. Cheers, Dominic. -- Dominic Hargreaves, Systems Development and Support Team Computing Services, University of Oxford
signature.asc
Description: Digital signature
