Kerberos stash problems

Greg Julius greg at outtacyte.com
Thu Jul 28 23:40:30 UTC 2005


<third send, never saw the first two hit the list.  Please forgive if you've
seen this one before.  I turned confirm receipt on for this send and am now
trying again after changing my "from" to be equal to my subscription email
in case there is some filtering going on at the list>
Hello all,

To start with, I have a Windows SBS 2003 PDC/ADS and a
Linux/Apache/MySQL/PHP server (Fedora Core 2, all updates applied).  The
Linux box is for web development and file storage.  I need to get write
access to the Samba shares; I don't need any security to speak of in the
short term (meaning NOW).  Guest would be fine if it could write on the
shares.  I would like to get the Linux box to join the ads so I can avoid
paying outrageous fees for each file server.

Based upon reading, my configuration needs Kerberos to be set up.  So,
that's what I'm up to.

I have no data whatsoever on the Kerberos realm and can set it up from
scratch.  If there is a configuration wizard out there that will step me
through the stuff and then start the kdc then I'll be happy as a clam to run
it.  I have no aversion to reading and trying cookbook approaches either if
anyone has a good, detailed one which covers RedHat.

However, I haven't found such a thing, so I'm attempting to follow
directions that are not tailored to Fedora/RedHat (file placement and such).

The current step of the process is to actually create the kdc database and
the corresponding stash file, to wit:
  "kdb5_util create -r kerberos.example.com -s"
(naturally I have my own realm name substituted)

For a while, I could not even get krb5kdc to find the stash file.  I
resolved that by putting in the fully qualified path and filename in the
configuration file.  Was I supposed to create the stash file and move it
someplace?  BTW, the stash name created by default is the realm name
specified in the kdb5_util command with .k5. prepended.  It is 30 bytes in
size.

All of the other files seem to be ok, except the documentation says the kdc
database should be named principal.db and mine doesn't have the suffix.  All
of the others have the specified names except the .k5stash is named as
mentioned above.

The current frustration (my poor keyboard) is this message:
   "krb5kdc: stored master key is corrupted - while fetching master key K/M
for realm EXAMPLE.COM"

I have just created the thing!!! How could it be corrupted?  I have tried
naming it .k5stash, I have tried creating it with the kdb5_util stash
command - same difference.  Just for testing, I made the file open to
everything, just to see if it was a permissions problem.  No joy.

Anyway, that's where I'm stuck.

Also, what's the protocol for soliciting for paid help? I could use some
serious hand-holding here for a bit of time to get this thing going.

Cheers,
-greg



