Difference between revisions of "User talk:Haoqili"
From K5Wiki
(→Python Bugs I've encountered and fixed) |
(→Kerberos Bugs I've encountered and fixed (started loggin since Jun 24th).) |
||
Line 10: | Line 10: | ||
: SOLUTION: 1. see if it is true that port [#] is in use by ''netstat -nap | grep [#]'' (I also did ''pgrep -x krb5kdc''). 2. kill the process: ''pkill -x krb5kdc''. note the "-x" is for matching exactly the process "krb5kdc". |
: SOLUTION: 1. see if it is true that port [#] is in use by ''netstat -nap | grep [#]'' (I also did ''pgrep -x krb5kdc''). 2. kill the process: ''pkill -x krb5kdc''. note the "-x" is for matching exactly the process "krb5kdc". |
||
+ | * Can't start kadmind (know because echo $? = 1). The last chunk of auth.log says: |
||
+ | : ERROR: |
||
+ | ::<pre> |
||
+ | ::kadmind[6924]: No dictionary file specified, continuing without one. |
||
+ | ::kadmind[6924]: setting up network... |
||
+ | ::kadmind[6924]: Permission denied - Cannot bind server socket to port 464 address 0.0.0.0 |
||
+ | ::kadmind[6924]: setsockopt(6,IPV6_V6ONLY,1) worked |
||
+ | ::kadmind[6924]: Permission denied - Cannot bind server socket to port 464 address :: |
||
+ | ::kadmind[6924]: skipping unrecognized local address family 17 |
||
+ | ::kadmind[6924]: skipping unrecognized local address family 17 |
||
+ | ::kadmind[6924]: Permission denied - Cannot bind server socket to port 464 address 192.168.165.145 |
||
+ | ::kadmind[6924]: setsockopt(6,IPV6_V6ONLY,1) worked |
||
+ | ::kadmind[6924]: Permission denied - Cannot bind TCP server socket on ::.464 |
||
+ | ::kadmind[6924]: Permission denied - Cannot bind RPC server socket on 0.0.0.0.749 |
||
+ | ::kadmind[6924]: set up 0 sockets |
||
+ | ::kadmind[6924]: no sockets set up? |
||
+ | ::</pre> |
||
+ | : Reason (provided by tlyu): It is trying to bind to a privileged port. you need to give it a different port number. actually, two different port numbers: one for password changing and one for normal kadmin. |
||
+ | : Solution: |
||
+ | ::<pre> |
||
+ | :: in kdc.conf inserted the last two lines here |
||
+ | :: |
||
+ | :: kdc_ports = 8888 |
||
+ | :: kpasswd_port = 8887 |
||
+ | :: kadmind_port = 8886 |
||
+ | ::</pre> |
||
==Python Bugs I've encountered and fixed== |
==Python Bugs I've encountered and fixed== |
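Review bot: the added Solution block says "in kdc.conf inserted the last two lines here" but then lists three settings (kdc_ports, kpasswd_port, kadmind_port), so a reader cannot tell which lines already existed. If kpasswd_port and kadmind_port are the two new ones, which would match tlyu's "two different port numbers: one for password changing and one for normal kadmin", say so. Since the quoted log shows failures on both 464 and 749, also note which setting replaces which port.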
Revision as of 14:14, 30 June 2009
Kerberos Bugs I've encountered and fixed (started logging since Jun 24th).
- When trying to kinit username
  - ERROR: kinit: Cannot contact any KDC for realm [your realm fqdn] while getting initial credentials
  - SOLUTION: make sure the KDC is running: /usr/local/sbin/krb5kdc
  - SOLUTION: 1. Check the log file. I looked in /var/log/auth.log. The bottom of it says: Cannot create reply cache file /var/tmp/krb5kdc_rcache: File exists. 2. sudo rm /var/tmp/krb5kdc_rcache.
- Can't start krb5kdc and in auth.log it says:
  - ERROR: Address already in use - Cannot bind server socket to port [#] address [IP address]
  - SOLUTION: 1. See if it is true that port [#] is in use with netstat -nap | grep [#] (I also did pgrep -x krb5kdc). 2. Kill the process: pkill -x krb5kdc. Note that "-x" matches exactly the process name "krb5kdc".
- Can't start kadmind (know because echo $? = 1). The last chunk of auth.log says:
  - ERROR:
      kadmind[6924]: No dictionary file specified, continuing without one.
      kadmind[6924]: setting up network...
      kadmind[6924]: Permission denied - Cannot bind server socket to port 464 address 0.0.0.0
      kadmind[6924]: setsockopt(6,IPV6_V6ONLY,1) worked
      kadmind[6924]: Permission denied - Cannot bind server socket to port 464 address ::
      kadmind[6924]: skipping unrecognized local address family 17
      kadmind[6924]: skipping unrecognized local address family 17
      kadmind[6924]: Permission denied - Cannot bind server socket to port 464 address 192.168.165.145
      kadmind[6924]: setsockopt(6,IPV6_V6ONLY,1) worked
      kadmind[6924]: Permission denied - Cannot bind TCP server socket on ::.464
      kadmind[6924]: Permission denied - Cannot bind RPC server socket on 0.0.0.0.749
      kadmind[6924]: set up 0 sockets
      kadmind[6924]: no sockets set up?
  - Reason (provided by tlyu): It is trying to bind to a privileged port. You need to give it a different port number. Actually, two different port numbers: one for password changing and one for normal kadmin.
  - Solution: in kdc.conf inserted the last two lines here
      kdc_ports = 8888
      kpasswd_port = 8887
      kadmind_port = 8886
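The two bind failures in these notes ("Address already in use" and "Permission denied") have different causes. The following added example, which is not from the original notes or from the krb5 project, classifies them from auth.log text. It is written for Python 3. The sample log is constructed in the shape of the excerpts above; the krb5kdc line, the 1024 threshold and the hint wording are assumptions.

```python
import re

# Constructed sample in the shape of the auth.log excerpts quoted in these notes.
SAMPLE_LOG = """\
kadmind[6924]: setting up network...
kadmind[6924]: Permission denied - Cannot bind server socket to port 464 address 0.0.0.0
kadmind[6924]: Permission denied - Cannot bind TCP server socket on ::.464
kadmind[6924]: Permission denied - Cannot bind RPC server socket on 0.0.0.0.749
kadmind[6924]: set up 0 sockets
krb5kdc[7001]: Address already in use - Cannot bind server socket to port 8888 address 192.168.165.145
"""

# Matches "<daemon>[pid]: <reason> - Cannot bind ... port N address A"
# and the "... socket on A.N" form, where the port is the last dotted field.
BIND_RE = re.compile(
    r"(?P<daemon>\w+)\[\d+\]: (?P<reason>[^-]+?) - Cannot bind .*?"
    r"(?:port (?P<p1>\d+) address \S+|on \S*?\.(?P<p2>\d+))\s*$"
)

# Assumption: the usual Unix rule that ports below 1024 need root to bind.
PRIVILEGED_BELOW = 1024


def diagnose(log_text, running_as_root=False):
    """Return {(daemon, port): hint} for each bind failure found in log_text."""
    findings = {}
    for line in log_text.splitlines():
        m = BIND_RE.search(line)
        if not m:
            continue
        port = int(m.group("p1") or m.group("p2"))
        reason = m.group("reason").strip()
        if reason == "Permission denied" and port < PRIVILEGED_BELOW and not running_as_root:
            hint = "privileged port: run as root or set an unprivileged port in kdc.conf"
        elif reason == "Address already in use":
            hint = "port taken: check for a stale daemon (netstat -nap, pgrep -x)"
        else:
            hint = "unclassified: " + reason
        findings[(m.group("daemon"), port)] = hint
    return findings


if __name__ == "__main__":
    for (daemon, port), hint in sorted(diagnose(SAMPLE_LOG).items()):
        print(f"{daemon} port {port}: {hint}")
```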
Python Bugs I've encountered and fixed
- When talking to the terminal shell, a command (in my case, kdb5_util add_mkey) asks for the password twice (the second time is confirmation). I first tried:
      from subprocess import Popen, PIPE
      command = 'kdb5_util add_mkey'
      p = Popen(command.split(), stdin=PIPE, stdout=PIPE, stderr=PIPE)
      (out, err) = p.communicate('password')
      (out2, err2) = p.communicate('password')
  - When I ran it, I got a chunk of error that ends with: ValueError: I/O operation on closed file. So what happens is that communicate closes the pipe, so it breaks (even if it only runs once).
  - Solution code:
      from subprocess import Popen, PIPE
      p = Popen(command.split(), stdin=PIPE, stdout=PIPE, stderr=PIPE)
      # write both answers to the child's stdin, one per line
      p.stdin.write('password'+'\n')
      p.stdin.write('password'+'\n')
  - Note: don't forget the newline at the end.
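The password-plus-confirmation case above can also be answered with a single communicate() call that carries both lines. This is an added example for Python 3, not code from the original notes. The child script is a constructed stand-in for a tool that reads a password and its confirmation from stdin (it is not kdb5_util), and run_with_confirmation is a hypothetical helper name.

```python
import subprocess
import sys

# Constructed stand-in child: reads a password and a confirmation from stdin.
CHILD = r"""
import sys
first = sys.stdin.readline().rstrip("\n")
second = sys.stdin.readline().rstrip("\n")
if not first or first != second:
    sys.stderr.write("passwords do not match\n")
    sys.exit(1)
sys.stdout.write("key added\n")
"""


def run_with_confirmation(argv, password, confirm=None, timeout=10):
    """Answer a password prompt and its confirmation with one communicate()."""
    if "\n" in password:
        raise ValueError("password must not contain a newline")
    confirm = password if confirm is None else confirm
    # The secret travels over the stdin pipe, so it never appears in argv.
    proc = subprocess.Popen(argv, stdin=subprocess.PIPE, stdout=subprocess.PIPE,
                            stderr=subprocess.PIPE, text=True)
    try:
        # communicate() writes the input, closes stdin, drains both output
        # pipes and waits for exit, which is why it takes input only once.
        out, err = proc.communicate(f"{password}\n{confirm}\n", timeout=timeout)
    except subprocess.TimeoutExpired:
        proc.kill()
        proc.communicate()  # reap the killed child
        raise RuntimeError("child did not finish; it may read the tty, not stdin")
    return proc.returncode, out, err


def demo():
    argv = [sys.executable, "-c", CHILD]
    matching = run_with_confirmation(argv, "s3cret")
    mismatch = run_with_confirmation(argv, "a", confirm="b")
    return matching, mismatch


if __name__ == "__main__":
    print(demo())
```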
Tips. Useful little things to know
Python
- Passing input to a command:
      from subprocess import Popen, PIPE
      p = Popen('blah', stdin=PIPE, stdout=PIPE, stderr=PIPE)
      (out, err) = p.communicate('inputThing\n')  # don't forget the newline "\n" at the end!
- When you're doing a bunch of p=Popen('shell command'), be careful: Popen starts a new process, so the next Popen might start before the previous one has completed. To fix this problem, put in:
      import sys
      if int(p.wait()) != 0:  # non-zero exit status: the command failed
          print("error message")
          sys.exit(1)
- Two ways to display outputs after Popen (a command that has to get into something, in my case, getting into kadmin.local) 06262009
  - Way 1:
      p = Popen(['command', 'all', 'in', 'one', 'line'], stdin=PIPE, stdout=PIPE, stderr=PIPE)  # e.g. ['kadmin.local', '-q', 'listprincs']
      if int(p.wait()) != 0:
          print(p.stdout.readlines())
  - Way 2:
      p = Popen(['command', 'front', 'chunk'], stdin=PIPE, stdout=PIPE, stderr=PIPE)  # e.g. ['kadmin.local']
      (out, err) = p.communicate('rest of command')  # e.g. 'listprincs'
      print(out)