Rocksolid Light

Welcome to novaBBS (click a section below)

mail  files  register  newsreader  groups  login

Message-ID:  

An engineer is someone who does list processing in FORTRAN.

devel / comp.protocols.kerberos / kdb5_util-1.15.1: Invalid argument while making newly loaded database live

SubjectAuthor
o kdb5_util-1.15.1: Invalid argument while making newly loaded database liverachit chokshi

1
kdb5_util-1.15.1: Invalid argument while making newly loaded database live

<mailman.33.1709544237.2322.kerberos@mit.edu>

  copy mid

https://www.novabbs.com/devel/article-flat.php?id=484&group=comp.protocols.kerberos#484

  copy link   Newsgroups: comp.protocols.kerberos
Path: i2pn2.org!i2pn.org!usenet.blueworldhosting.com!diablo1.usenet.blueworldhosting.com!tncsrv06.tnetconsulting.net!.POSTED.mailman.mit.edu!not-for-mail
From: rachitch...@gmail.com (rachit chokshi)
Newsgroups: comp.protocols.kerberos
Subject: kdb5_util-1.15.1: Invalid argument while making newly loaded database
live
Date: Mon, 4 Mar 2024 01:23:39 -0800
Organization: TNet Consulting
Lines: 31
Message-ID: <mailman.33.1709544237.2322.kerberos@mit.edu>
References: <CAFYwyBV5j4jNUVvjZFU4t=n+JJa=EQwbznAHgd9+xEevW8+wmQ@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Injection-Info: tncsrv06.tnetconsulting.net; posting-host="mailman.mit.edu:18.7.21.50";
logging-data="20584"; mail-complaints-to="newsmaster@tnetconsulting.net"
To: kerberos@mit.edu
DKIM-Filter: OpenDKIM Filter v2.11.0 unknown-host (unknown-jobid)
Authentication-Results: mailman.mit.edu;
dkim=pass (1024-bit key, unprotected) header.d=mitprod.onmicrosoft.com
header.i=@mitprod.onmicrosoft.com header.a=rsa-sha256
header.s=selector2-mitprod-onmicrosoft-com header.b=i3nsq6NR;
dkim=pass (2048-bit key,
unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256
header.s=20230601 header.b=eaD5nWkk
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
b=nXeo6RlTAD2SophH9QsSz6F+UxYnA4YSwUDXxKDGNfkEMdgyzP3MNHQORPvK3MwUTD0vcWLraN1dp/NPW/y7RdM3iRchPsQpy5F6ME6VZm3gZ93eEVNAucJV/xIHySsWxO5/vUw0TKsRJUVvaNbie+LFoueuzptiKtTg3Uk5mGvQg0Zc4g8WN9dt6JwicI6m8jfZNcbmdQk4nLu136AeXE+yExYoN1uD2nnWLG5q7oLwMhbKGBPm+253wG87AoOtc6xQeNp0Rq/aeFk8C6mdx6Hmousi5FkEtbhK8eJvgiCh7gMEPxgALnH9Mie6YI4cJ7V7eBZvC+uKv5l6k3KDng==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=tQtb8yvjfciKSwBB63Vnpd1V0AWnbsnfe1jAWfeT1kE=;
b=BAWJYVnYmnH2OpnMbxh3iccmS3v6KZBpgCskMf6OrjUQQp0vJEwYeQRIGwBddLYDuBpozbpJilwrBvscdDb1Kpn4j5Qr3P8KzJ7OkP3jTf6qMOLBTAs/l0Pbujy/RthxJrUXZrsUHDQCBZiABwwYM1HG6ALpS+mlCj67LYnJ71ZOOqduA98b3U2aZ28Yf3e76PTgE8/KJeS84p1y8YDXf4juShhnd34naXUNA9nvIPTsTABixKHXw7LiLM1Rjr7ucqj9EBRGxXxrtZbAN2VaUlc4VhR09Txdwv4vYy+/W5I02AJcrGVV+KVM35UNQg10gdrPlL/DOMPwKepUB9TFPg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is
209.85.222.50) smtp.rcpttodomain=mit.edu smtp.mailfrom=gmail.com; dmarc=pass
(p=none sp=quarantine pct=100) action=none header.from=gmail.com; dkim=pass
(signature was verified) header.d=gmail.com; arc=none (0)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=mitprod.onmicrosoft.com; s=selector2-mitprod-onmicrosoft-com;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=tQtb8yvjfciKSwBB63Vnpd1V0AWnbsnfe1jAWfeT1kE=;
b=i3nsq6NRDDr+7q1ICa7/+RrIweuitanPzuah0+6ZUs2at0MQX2oE68lkgwEUeP7jvfUtRsfCiLqJHODJrPPFrRAb7I5912ZXltgDoW+vH9IysIz0Y8yDpPhyiV5I4PbQy6ArIrAieitXZ3UODMncHCd56MOfMePhlEm/AnsdpdY=
Authentication-Results: spf=pass (sender IP is 209.85.222.50)
smtp.mailfrom=gmail.com; dkim=pass (signature was verified)
header.d=gmail.com;dmarc=pass action=none header.from=gmail.com;
Received-SPF: Pass (protection.outlook.com: domain of gmail.com designates
209.85.222.50 as permitted sender) receiver=protection.outlook.com;
client-ip=209.85.222.50; helo=mail-ua1-f50.google.com; pr=C
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20230601; t=1709544230; x=1710149030; darn=mit.edu;
h=to:subject:message-id:date:from:mime-version:from:to:cc:subject
:date:message-id:reply-to;
bh=tQtb8yvjfciKSwBB63Vnpd1V0AWnbsnfe1jAWfeT1kE=;
b=eaD5nWkkI4qmt5ctSKWE0nz1c9ymCuqGuevADTeixj7k24gqzRzTPaqzl3icKQparR
VYm9O6T/D0/KTsfPww2SEPyIHDI6f95BDnnvFdihcw+V+Q37fqCUM2BZ8PMJ15g1gNGM
KzaoKG9i891UJ0pA8rsAcnPh/zuRnxbreAT/XuYVHNueuGUzVNWw67f81aTLu4WgSxmW
lKuazRzFwVspDoe1xNEG04Qd/tPfSXtxmZ6Vg4GSdkBesDTsCtRiRfnU8q6B1KZMBE5C
3CqwATsRNPieFrn3a5WiOZE3zM0vxJxvVJnsK19B9R3HlWIfuPNODefTuJS25tAlNcgU
zAag==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1709544230; x=1710149030;
h=to:subject:message-id:date:from:mime-version:x-gm-message-state
:from:to:cc:subject:date:message-id:reply-to;
bh=tQtb8yvjfciKSwBB63Vnpd1V0AWnbsnfe1jAWfeT1kE=;
b=Pm1WdmXvo+o7EUBhXTX1kM3WI0KYWHZUMyC/wHQJt6f2XE5bzSZKoWpzHnB6w1VjVC
taVnlO0jXYwD3pix/XNiU9qNn1BVFiT87XZh9NGkmUpFAaGvxWLAalRuabs4ZxKZ3PWn
iKGrxjoImA2Tf8frFaXQknDQuLWd/3N+0ODh//KOAt8EWeEwEvksqeI4ZwJmOLLDcuak
PSeQLvBL6rrIo4IDXdXT3GM53ZwlR0ickMirPXSYwTNHcFOTQ3J9XF7TZrLyAatDmwLT
GcCH8hk3nvqU6HZuRRocGvjUH+LxdnTaA+rEMnMYtmZQObQMB0UrXvuSmx41B/McKYue
rqlQ==
X-Gm-Message-State: AOJu0Yx/PfyTHSGD0aNBld6xasaerEBCzVP6heex/kwH8HhPw8TGGXwk
/LApQxtHBzTew86h+cor6erozhjKuAmEkVh/RzP16UEx+sJ1J1weOMVrogmo1mL28i3b9IeQSR1
DmVdXUdHIO99nyGcr2KwRV4eGTjXPROKXmK4=
X-Google-Smtp-Source: AGHT+IFlap0/C4EgxlDzamnS02RuW66tBxUVCu6eWbxTQFKynFLP/W61cAa8jgErzJYoCnfZl9e9vXuZhvfrmOcjmsQ=
X-Received: by 2002:a05:6122:178f:b0:4d3:3c71:d340 with SMTP id
o15-20020a056122178f00b004d33c71d340mr5793096vkf.11.1709544230413; Mon, 04
Mar 2024 01:23:50 -0800 (PST)
X-EOPAttributedMessage: 0
X-EOPTenantAttributedMessage: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b:0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: MN1PEPF0000ECD5:EE_|MW4PR01MB6259:EE_
X-MS-Office365-Filtering-Correlation-Id: 7180f870-035b-4114-574a-08dc3c2cce0b
X-LD-Processed: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b,ExtAddr
X-MS-Exchange-AtpMessageProperties: SA
X-MS-Exchange-SenderADCheck: 0
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: akBcxyRowNCE2ktFjYssDxPQv/CIUDuwgZ+Yi3ZDMMW+GQbL2au5H+9i5sJ2BlLDxA1TWx4Iuzqa3U0V8I4dAm/vUWTs4GJ4L8hdAB8SSeOVDTHzDjPfNm5tRyrib72sd1N4Eqrrl5puzGAoLJlcvt2M01llwYSGczycLF6w4Kvj/eLU0Fp3aubfFD8PoUMPCLSa8NyTtYwPrsyWvstSBWA1EuOJe71ER0cOdL/0q5Ne7ZodLFd6DJ38JDHxQ2pxgEY5nhlMB1XsEEUHCX7iK4kD54kH7OoZGjjMApE24b2gSSD/Oe86nzp6V+DFFLaJUGpnTkbacJ/VX6JVFpoCg1eJ+CPXVYPyUezS9Dd5caXxa7eBDm5lsrZQg95izFo7EUkd/9ahq4q5snoQ5PPhglPLON6EOt2SGzvDn3M1HlFlvK2PU2OAkpdtBoMdNqxPSjbUpu4YyN9SIRqJNK44gXWXijQWAeuc3Ev8UlW+iiZu9/IszOAgMIsc995rFlwUgtQkt3M2rhMv/aljW25n/K2mBhfRj6+qt39T4UmjCHeGXjX6wqd7uds5oeAN0gkvMkGESBWR2HY9OnnnkHIphLQS4JDuSWgBw2L9F1Qlul8qhxfcPubKtIAar9xfIa32VdahIKpA/z7GkiSxoGdsdF5er5dT8qf8O4KXCNnS65KfHIJ2fG7a9hQNqwVOkDhODKU84nnpmjRvh6eSpa4KQ4eKq10oTdC7+2OhR+yNqKiQdbw9mr5mX8o/5hzO/GiF
X-Forefront-Antispam-Report: CIP:209.85.222.50; CTRY:US; LANG:en; SCL:1; SRV:;
IPV:NLI; SFV:NSPM; H:mail-ua1-f50.google.com; PTR:mail-ua1-f50.google.com;
CAT:NONE; SFS:(13230031)(376005)(61400799018); DIR:OUT; SFP:1102;
X-ExternalRecipientOutboundConnectors: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b
X-Auto-Response-Suppress: DR, OOF, AutoReply
X-OriginatorOrg: mitprod.onmicrosoft.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 04 Mar 2024 09:23:51.2220 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 7180f870-035b-4114-574a-08dc3c2cce0b
X-MS-Exchange-CrossTenant-Id: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b
X-MS-Exchange-CrossTenant-AuthSource: MN1PEPF0000ECD5.namprd02.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MW4PR01MB6259
X-Content-Filtered-By: Mailman/MimeDel 2.1.34
X-BeenThere: kerberos@mit.edu
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: The Kerberos Authentication System Mailing List <kerberos.mit.edu>
List-Unsubscribe: <https://mailman.mit.edu/mailman/options/kerberos>,
<mailto:kerberos-request@mit.edu?subject=unsubscribe>
List-Archive: <http://mailman.mit.edu/pipermail/kerberos/>
List-Post: <mailto:kerberos@mit.edu>
List-Help: <mailto:kerberos-request@mit.edu?subject=help>
List-Subscribe: <https://mailman.mit.edu/mailman/listinfo/kerberos>,
<mailto:kerberos-request@mit.edu?subject=subscribe>
X-Mailman-Original-Message-ID: <CAFYwyBV5j4jNUVvjZFU4t=n+JJa=EQwbznAHgd9+xEevW8+wmQ@mail.gmail.com>
 by: rachit chokshi - Mon, 4 Mar 2024 09:23 UTC

Hello,
We have a setup where the kerberos database (db2) is hosted on an NFS
server. There are multiple KDC servers each mounting the NFS share and
serving traffic.

For replicating data into the NFS hosted database from an external master
KDC. We have a sync job setup that runs "kdb5_util load" against the NFS
hosted database every few minutes (~5m)

Approximately once every month, we experience a corruption scenario where
the "kdb5_util load" starts crashing with the below error strings.

>kdb5_util: Cannot open DB2 database
'/var/kerberos/krb5kdc_shared/principal': Invalid argument >while making
newly loaded database live
>kdb5_util: Cannot open DB2 database
'/var/kerberos/krb5kdc_shared/principal~': Invalid >argument while deleting
bad database /var/kerberos/krb5kdc_shared/principal

After the system enters into this state. There is a complete outage.
Existing running KDCs processes are unable to access the database (Cannot
open DB2 database). Only way to recover is to delete the database and
create a new one from the dump.

It would be a great help, If anybody can help us understand where things
are going wrong and what can be done to avoid this situation. Tried going
through the code, no pointers found so far.

Thank you,
Rachit

1
server_pubkey.txt

rocksolid light 0.9.8
clearnet tor