kadmin ktadd and F_WRLCK
Hallo all,
I have a big problem with kerberos5 ktadd. I create a new principal
host/myhost.mydomain. This works ok. Then I want add it to the krb5.keytab,
but ktadd hang. I have make a strace of kadmin and found that
fcntl64(5, F_SETLKW, {type=F_WRLCK, whence=SEEK_SET, start=0, len=0}
is hanging.
Here the strace:
Process 10379 attached - interrupt to quit
read(0, "k", 1) = 1
write(1, "k", 1) = 1
rt_sigprocmask(SIG_BLOCK, NULL, [], 8) = 0
read(0, "t", 1) = 1
write(1, "t", 1) = 1
rt_sigprocmask(SIG_BLOCK, NULL, [], 8) = 0
read(0, "a", 1) = 1
write(1, "a", 1) = 1
rt_sigprocmask(SIG_BLOCK, NULL, [], 8) = 0
read(0, "d", 1) = 1
write(1, "d", 1) = 1
rt_sigprocmask(SIG_BLOCK, NULL, [], 8) = 0
read(0, "d", 1) = 1
write(1, "d", 1) = 1
rt_sigprocmask(SIG_BLOCK, NULL, [], 8) = 0
read(0, "\177", 1) = 1
write(1, "\10 \10", 3) = 3
rt_sigprocmask(SIG_BLOCK, NULL, [], 8) = 0
read(0, "\177", 1) = 1
write(1, "\10 \10", 3) = 3
rt_sigprocmask(SIG_BLOCK, NULL, [], 8) = 0
read(0, "\177", 1) = 1
write(1, "\10 \10", 3) = 3
rt_sigprocmask(SIG_BLOCK, NULL, [], 8) = 0
read(0, "\177", 1) = 1
write(1, "\10 \10", 3) = 3
rt_sigprocmask(SIG_BLOCK, NULL, [], 8) = 0
read(0, "\177", 1) = 1
write(1, "\10 \10", 3) = 3
rt_sigprocmask(SIG_BLOCK, NULL, [], 8) = 0
read(0, "\177", 1) = 1
write(2, "\7", 1) = 1
rt_sigprocmask(SIG_BLOCK, NULL, [], 8) = 0
read(0, "\177", 1) = 1
write(2, "\7", 1) = 1
rt_sigprocmask(SIG_BLOCK, NULL, [], 8) = 0
read(0, "\177", 1) = 1
write(2, "\7", 1) = 1
rt_sigprocmask(SIG_BLOCK, NULL, [], 8) = 0
read(0, "\33", 1) = 1
read(0, "[", 1) = 1
read(0, "B", 1) = 1
write(2, "\7", 1) = 1
rt_sigprocmask(SIG_BLOCK, NULL, [], 8) = 0
read(0, "\33", 1) = 1
read(0, "[", 1) = 1
read(0, "A", 1) = 1
write(1, "ktadd host/fs-v1.tzv.local@TZV.L"..., 36) = 36
rt_sigprocmask(SIG_BLOCK, NULL, [], 8) = 0
read(0, "\r", 1) = 1
write(1, "\n", 1) = 1
rt_sigprocmask(SIG_BLOCK, [INT], [], 8) = 0
ioctl(0, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig -icanon -echo ...})
= 0
ioctl(0, SNDCTL_TMR_STOP or TCSETSW, {B38400 opost isig icanon echo ...}) = 0
ioctl(0, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) =
0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
rt_sigaction(SIGINT, {0xa7f7b5e0, [INT], SA_RESTART}, {0xa7d138c0, [], 0}, 8)
= 0
rt_sigaction(SIGTERM, {SIG_DFL}, {0xa7d138c0, [], 0}, 8) = 0
rt_sigaction(SIGQUIT, {SIG_DFL}, {0xa7d138c0, [], 0}, 8) = 0
rt_sigaction(SIGALRM, {SIG_DFL}, {0xa7d138c0, [], 0}, 8) = 0
rt_sigaction(SIGTSTP, {SIG_DFL}, {0xa7d138c0, [], 0}, 8) = 0
rt_sigaction(SIGTTOU, {SIG_DFL}, {0xa7d138c0, [], 0}, 8) = 0
rt_sigaction(SIGTTIN, {SIG_DFL}, {0xa7d138c0, [], 0}, 8) = 0
rt_sigaction(SIGWINCH, {SIG_DFL}, {0xa7d13990, [], 0}, 8) = 0
rt_sigaction(SIGCONT, {SIG_DFL}, {0xa7f7b580, [CONT], SA_RESTART}, 8) = 0
time(NULL) = 1204278108
stat64("/etc/krb5.conf", {st_mode=S_IFREG|0644, st_size=453, ...}) = 0
time(NULL) = 1204278108
time(NULL) = 1204278108
getpid() = 10379
write(4, "\200\0\0\350<\303\270q\0\0\0\0\0\0\0\2\0\0\10@\0\0\0\2"..., 236) =
236
select(1023, [4], NULL, NULL, {25, 0}) = 1 (in [4], left {24, 988000})
read(4, "\200\0\0\324<\303\270q\0\0\0\1\0\0\0\0\0\0\0\6\0\0\000"..., 4000) =
216
time(NULL) = 1204278108
time(NULL) = 1204278108
time(NULL) = 1204278108
time(NULL) = 1204278108
getpid() = 10379
getpid() = 10379
write(4, "\200\0\0\360;\303\270q\0\0\0\0\0\0\0\2\0\0\10@\0\0\0\2"..., 244) =
244
select(1023, [4], NULL, NULL, {25, 0}) = 1 (in [4], left {24, 996000})
read(4, "\200\0\1,;\303\270q\0\0\0\1\0\0\0\0\0\0\0\6\0\0\0001`/"..., 4000) =
304
time(NULL) = 1204278108
time(NULL) = 1204278108
open("/etc/krb5.keytab", O_RDWR) = 6
fcntl64(6, F_SETLKW, {type=F_WRLCK, whence=SEEK_SET, start=0, len=0}
The server is debian sargewith kerberos from Backports and Kernel 2.6.18.
ii krb5-admin-ser 1.4.4-7etch1~b MIT Kerberos master server (kadmind)
ii krb5-clients 1.4.4-7etch1~b Secure replacements for ftp, telnet and rsh
ii krb5-config 1.6 Configuration files for Kerberos Version 5
ii krb5-doc 1.3.6-2sarge5 Documentation for krb5
ii krb5-ftpd 1.4.4-7etch1~b Secure FTP server supporting MIT Kerberos
ii krb5-kdc 1.4.4-7etch1~b MIT Kerberos key server (KDC)
ii krb5-rsh-serve 1.4.4-7etch1~b Secure replacements for rshd and rlogind usi
ii krb5-telnetd 1.4.4-7etch1~b Secure telnet server supporting MIT Kerberos
ii krb5-user 1.4.4-7etch1~b Basic programs to authenticate using MIT Ker
ii libkrb-1-kerbe 1.2.2-11.2 Kerberos Libraries for Kerberos4 From KTH
ii libkrb5-17-hei 0.6.3-10sarge2 Libraries for Heimdal Kerberos
ii libkrb5-dev 1.4.4-7etch1~b Headers and development libraries for MIT Ke
ii libkrb53 1.4.4-7etch1~b MIT Kerberos runtime libraries
ii libpam-krb5 1.0-12 PAM module for MIT Kerberos
We have many hosts in keytab, so at the last Year it works. The last time, I
have add a host to keytab are the Martch 23 2007.
I hope someone can help me.
regards Monika
--
________________________________________________________________________________
Monika Strack
Institut fuer Nutztiergenetik
Friedrich-Loeffler-Institut
31535 Neustadt e-mail: monika.strack@fli.bund.de
Germany Tel: +49 5034 /871 154
Fax: +49 5034 /871 239
_______________________________________________________________________________
Reply to: