From owner-freebsd-questions@FreeBSD.ORG Sun Mar 2 04:36:03 2014 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id AB79ADBA for ; Sun, 2 Mar 2014 04:36:03 +0000 (UTC) Received: from mail-ig0-x236.google.com (mail-ig0-x236.google.com [IPv6:2607:f8b0:4001:c05::236]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 742DE18EE for ; Sun, 2 Mar 2014 04:36:03 +0000 (UTC) Received: by mail-ig0-f182.google.com with SMTP id uy17so4971777igb.3 for ; Sat, 01 Mar 2014 20:36:02 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=fmwESRlBQvQ6qfAZXVlFsfFBryW7z2nkD0Yy4yB9hI4=; b=Q/IWC3MF0FCo+jtQzRmaCEX6PjyMYAhIDWNMZRnhTTWQVTSDs0hE7OKQpIZnMa/gVk EyUQba7xzStCJVeYtDoOM/Ein8kIzIijIQLeAEDcATnb2ReLM3O7rk80vQ32er0qbHHL NWpxtVPA61SX1nZuEz4NGFRQCpvs5x7IOAFhffghW35XEjBrZhgJ9K0sKDc44s4VkimD XT397zgErjTZww/Zy2d8FLjjkSPNYzqjP8Ef/id+/PW8cMqvx+z1auGnDD0ObQjcjadz +DjOvcelWSrXjadgIhk0rUYfoPPLNZy/Hlcw9nM87qGEOEZ9tZUz/ZMdwIjOeJvmLdBt bhAw== MIME-Version: 1.0 X-Received: by 10.50.50.241 with SMTP id f17mr14272398igo.23.1393734962195; Sat, 01 Mar 2014 20:36:02 -0800 (PST) Received: by 10.64.12.17 with HTTP; Sat, 1 Mar 2014 20:36:02 -0800 (PST) In-Reply-To: References: Date: Sat, 1 Mar 2014 20:36:02 -0800 Message-ID: Subject: Re: heimdal and BDB troubles after upgrading to 10 From: Matt Mullins To: nightrecon@hotmail.com Content-Type: text/plain; charset=ISO-8859-1 X-Content-Filtered-By: Mailman/MimeDel 2.1.17 Cc: FreeBSD X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 02 Mar 2014 04:36:03 -0000 I did set that -- I was firmly informed of that when I went to build db46 against FreeBSD 10 :) It turns out I managed to get it working, though: I manually built Heimdal 1.5.2 with "./configure CXX=g++46 CC=gcc46", since clang doesn't see /usr/local/include as a default path. After running ./configure, I also had to manually comment out the "#define HAVE_DB1 1" line from include/config.h, since that apparently supercedes using DB3-style APIs in Heimdal. That got me a working copy of "kadmin" that I was able to run out of my home directory (didn't even bother running "make install"), from which I was able to "./kadmin/kadmin -l" and use the "dump" command to dump the database to text. Loading it was a matter of running the system "kadmin -l" and using load to restore it. Since I already had it in text form, I went ahead and removed the heimdal port and migrated to the version included with base. Also for the people finding this on Google later: I got a lot of "krb5_crypto_init failed: encryption key has bad length" ... turns out I'd also removed the "mkey" file in my attempt to remove the old database, and the textual dumps are still encrypted with it. Replaced the mkey from backup, and suddenly I had working Kerberos again. Thanks for your suggestion! Hopefully my experience wasn't too far-fetched. On Sat, Mar 1, 2014 at 11:13 AM, Michael Powell wrote: > Matt Mullins wrote: > > > It looks like I've managed to break my KDC by upgrading to 10 -- all I > can > > seem to get the KDC to do is give me the following error: > > > > 2014-02-28T22:46:02 Failed to open database: dbopen (/var/heimdal/foo): > > Inappropriate file type or format > > > > I've tried building db5 (replacing db46 which is also still installed on > > my machine -- apparently deprecated in the meantime), and rebuilding > > heimdal against it, all to no avail. > > > > db_verify-5 reports that the database file is in good health. gdb tells > > me that for some reason, heimdal is trying to use the libc's dbopen() > > instead of db5's -- is there a way I can coerce heimdal into using the > > right library? > > > > My krb5.conf has: > > [kdc] > > database = { > > dbname = /var/heimdal/foo > > realm = LOCAL.MMLX.US > > mkey_file = /var/heimdal/foo.mkey > > log_file = /var/heimdal/bar > > acl_file = /var/heimdal/kadmind.acl > > } > > enable_kereberos4 = false > > enable_http = false > > Have you tried the WITH_BDB_VER=5 or WITH_BDB_VER=6 in make.conf as per > UPDATING entry 20131216: before building? > > -Mike > > > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to " > freebsd-questions-unsubscribe@freebsd.org" >