Heimdal 1.5.2 problem

Robert Simmons rsimmons0 at gmail.com
Fri May 11 02:41:58 UTC 2012 

I've just installed the new version of Heimdal, 1.5.2 from ports, and
I'm having a problem.

As in the past, BerkeleyDB needs to be enabled with make config so
that there is a backend.  However, I'm still getting the error as if
BerkeleyDB was not enabled, and there is no backend support.

I've followed this process to get to this point:

# cd /usr/ports/security/heimdal
# make config
 *at this point, I've just made sure that BDB and cracklib support are compiled.
# make install
# mkdir /var/db/heimdal
# chmod 600 /var/db/heimdal

Then the following is added to /etc/rc.conf
kerberos5_server_enable="YES"
kerberos5_server="/use/local/libexec/kdc"
kadmind5_server_enable="YES"
kadmind5_server="/usr/local/libexec/kadmind"
kpasswdd_server_enable="YES"
kpasswdd_server="/usr/local/libexec/kpasswdd"

This is my /etc/krb5.conf
[libdefaults]
   default_realm = HOME
   default_etypes = aes256-cts-hmac-sha1-96
[realms]
   EXAMPLE.ORG = {
       kdc = kerberos.home
       admin_server = kerberos.home
       kpasswd_server = kerberos.home
   }
[password_quality]
   policies = builtin:minimum-length builtin:character-class
   min_length = 20
   min_classes = 4
[kdc]
   enable-kerberos4 = false
   enable-524 = false
   require-preauth = true
   allow-anonymous = false
[kadmin]
   require-preauth = true
   default_keys = aes256-cts-hmac-sha1-96:pw-salt
[domain_realm]
   .home = HOME

I then created a key
# kstash --enctype=aes256-cts-hmac-sha1-96 --random-key

Then tried to initialize the realm:
# /usr/local/sbin/kadmin -l
kadmin> init HOME
kadmin: hdb_open: hdb_open: failed initialize database /var/db/heimdal/heimdal
kadmin>

This is the error I get.  Also, after performing this failed init, the
database is actually created in /var/db/heimdal
# ll /var/db/heimdal
total 24
-rw-------  1 root  wheel  16384 May 10 19:56 heimdal.db
-rw-------  1 root  wheel      0 May 10 19:18 heimdal.lock
-rw-------  1 root  wheel    264 May 10 19:17 kdc.log
-rw-------  1 root  wheel     73 May 10 19:18 m-key

According to PR 154711, I've done everything correct, but I'm still
getting the error.
http://www.freebsd.org/cgi/query-pr.cgi?pr=154711

All of the regular dependencies are satisfied:
autoconf-2.68, autoconf-wrapper-20101119, gettext-0.18.1.1,
libiconv-1.14, libtool-2.4.2, m4-1.4.16,1, perl-5.12.4_4,
pkg-config-0.25_1

And, this is the version of BerkeleyDB that it compiles and installs
to satisfy the BDB backend that I enabled during config:
db41-4.1.25_4

Has anyone else successfully installed Heimdal 1.5.2 from ports on
FreeBSD 9.0?  What did you do differently than me?

More information about the freebsd-hackers mailing list