[Maria-discuss] MariaDB unable to read the /etc/krb5.keytab
I am trying to setup MariaDB 10 with GSSAPI support. I following the instructions here: https://mariadb.com/kb/en/mariadb/gssapi-authentication-plugin/ However, whenever I try to start Maria DB I get the following [Warning] mysqld: GSSAPI plugin : default principal 'mariadb/hostname.tld@REALM' not found in keytab [ERROR] mysqld: Server GSSAPI error (major 851968, minor 2529639093) : gss_acquire_cred failed -Unspecified GSS failure. Minor code may provide more information. Keytab FILE:/etc/krb5.keytab is nonexistent or empty. [ERROR] Plugin 'gssapi' init function returned error. Sincerely, Saqib http://saqib.org
Those errors come from GSSAPI/Kerberos APIs, they are not originated directly by the server. You can use environment variable KRB5_TRACE as described in https://web.mit.edu/kerberos/krb5-latest/doc/admin/troubleshoot.html to see more output. Set it before you start up the server. You can also use strace maybe, or a look for usual suspects (does mysql user have read access to keytab, does the keytab exist). You can also use private keytab if this is more convenient for you. On Sat, Jul 22, 2017 at 1:05 AM, Ali, Saqib <docbook.xml@gmail.com> wrote:
I am trying to setup MariaDB 10 with GSSAPI support.
I following the instructions here: https://mariadb.com/kb/en/ mariadb/gssapi-authentication-plugin/
However, whenever I try to start Maria DB I get the following
[Warning] mysqld: GSSAPI plugin : default principal 'mariadb/hostname.tld@REALM' not found in keytab [ERROR] mysqld: Server GSSAPI error (major 851968, minor 2529639093) : gss_acquire_cred failed -Unspecified GSS failure. Minor code may provide more information. Keytab FILE:/etc/krb5.keytab is nonexistent or empty. [ERROR] Plugin 'gssapi' init function returned error.
Sincerely, Saqib http://saqib.org
_______________________________________________ Mailing list: https://launchpad.net/~maria-discuss Post to : maria-discuss@lists.launchpad.net Unsubscribe : https://launchpad.net/~maria-discuss More help : https://help.launchpad.net/ListHelp
Vladislav, I enabled the TRACE log. But that doesn't produce any logs for this issue. Any other ideas? Sincerely, Saqib http://saqib.org On Fri, Jul 21, 2017 at 4:17 PM, Vladislav Vaintroub <vvaintroub@gmail.com> wrote:
Those errors come from GSSAPI/Kerberos APIs, they are not originated directly by the server.
You can use environment variable KRB5_TRACE as described in https://web.mit.edu/kerberos/krb5-latest/doc/admin/troubleshoot.html to see more output. Set it before you start up the server.
You can also use strace maybe, or a look for usual suspects (does mysql user have read access to keytab, does the keytab exist). You can also use private keytab if this is more convenient for you.
On Sat, Jul 22, 2017 at 1:05 AM, Ali, Saqib <docbook.xml@gmail.com> wrote:
I am trying to setup MariaDB 10 with GSSAPI support.
I following the instructions here: https://mariadb.com/kb/en/mari adb/gssapi-authentication-plugin/
However, whenever I try to start Maria DB I get the following
[Warning] mysqld: GSSAPI plugin : default principal 'mariadb/hostname.tld@REALM' not found in keytab [ERROR] mysqld: Server GSSAPI error (major 851968, minor 2529639093 <(252)%20963-9093>) : gss_acquire_cred failed -Unspecified GSS failure. Minor code may provide more information. Keytab FILE:/etc/krb5.keytab is nonexistent or empty. [ERROR] Plugin 'gssapi' init function returned error.
Sincerely, Saqib http://saqib.org
_______________________________________________ Mailing list: https://launchpad.net/~maria-discuss Post to : maria-discuss@lists.launchpad.net Unsubscribe : https://launchpad.net/~maria-discuss More help : https://help.launchpad.net/ListHelp
This setting produced a ton of output, always in my experience. The output itself should end up in the error log, this is where stdout/stderr of the server process are redirected. I do not have any other ideas as for how to troubleshoot Kerberos, except the mentioned KRB5_TRACE and perhaps also strace applied to the mysqld process. Sent from Mail for Windows 10 From: Ali, Saqib Sent: Monday, July 24, 2017 7:38 PM To: Vladislav Vaintroub Cc: Maria Discuss Subject: Re: [Maria-discuss] MariaDB unable to read the /etc/krb5.keytab Vladislav, I enabled the TRACE log. But that doesn't produce any logs for this issue. Any other ideas? Sincerely, Saqib http://saqib.org On Fri, Jul 21, 2017 at 4:17 PM, Vladislav Vaintroub <vvaintroub@gmail.com> wrote: Those errors come from GSSAPI/Kerberos APIs, they are not originated directly by the server. You can use environment variable KRB5_TRACE as described in https://web.mit.edu/kerberos/krb5-latest/doc/admin/troubleshoot.html to see more output. Set it before you start up the server. You can also use strace maybe, or a look for usual suspects (does mysql user have read access to keytab, does the keytab exist). You can also use private keytab if this is more convenient for you. On Sat, Jul 22, 2017 at 1:05 AM, Ali, Saqib <docbook.xml@gmail.com> wrote: I am trying to setup MariaDB 10 with GSSAPI support. I following the instructions here: https://mariadb.com/kb/en/mariadb/gssapi-authentication-plugin/ However, whenever I try to start Maria DB I get the following [Warning] mysqld: GSSAPI plugin : default principal 'mariadb/hostname.tld@REALM' not found in keytab [ERROR] mysqld: Server GSSAPI error (major 851968, minor 2529639093) : gss_acquire_cred failed -Unspecified GSS failure. Minor code may provide more information. Keytab FILE:/etc/krb5.keytab is nonexistent or empty. [ERROR] Plugin 'gssapi' init function returned error. Sincerely, Saqib http://saqib.org _______________________________________________ Mailing list: https://launchpad.net/~maria-discuss Post to : maria-discuss@lists.launchpad.net Unsubscribe : https://launchpad.net/~maria-discuss More help : https://help.launchpad.net/ListHelp
participants (2)
-
Ali, Saqib -
Vladislav Vaintroub