When setting up Kerberos for the first time on a host where a local KDC was already configured earlier, you may hit the following error while setting up security with icm_client:
-bash-4.1$ icm_client security -i
[INFO] This configures a very simple Kerberos Server for PHD usage.
[INFO] You should review and adjust the settings to reflect your environment and policies.
[WARNING] Attempt to re-configure previously configured KDC server may fail
Do you wish to configure Kerberos Server? (y/n) [Yes]?
Enter REALM for Kerberos (ex PIVOTAL.IO): PIVOTAL.COM
Enter username for Kerberos Server ADMIN [admin]: admin
Enter new password for Kerberos Server ADMIN:
Re-enter the new password for Kerberos Server ADMIN:
Enter new MASTER password for KDC:
Re-enter new MASTER password for KDC:
[WARNING] Attempt to re-configure previously configure LDAP server may result in data or functionality loss
Do you wish to configure LDAP Server? (y/n) [Yes]? n
[INFO] Attempting to configure KDC and/or LDAP. It may take few minutes...
[ERROR] Server error: Security Components Initialization Failed. Error: null
Loaded plugins: dellsysid, fastestmirror, refresh-packagekit, security
Setting up Install Process
Loading mirror speeds from cached hostfile
Nothing to do
org.apache.commons.exec.ExecuteException: Process exited with an error: 255 (Exit value: 255)
kdb5_util: File exists while creating database '/var/kerberos/krb5kdc/principal'
[ERROR] unable to create master password for KDC.
[ERROR] KDC configuration error
[ERROR] One or more security component configuration failed
[ERROR] Exception: -4005
The error says that the database file already exists. If you remove only that file and try to create the database again, you'll get the error below:
[root@yacadmedge1 ~]# kdb5_util create -s
Loading random data
Initializing database '/var/kerberos/krb5kdc/principal' for realm 'SAMSUNGAUSTIN.COM',
master key name 'K/M@SAMSUNGAUSTIN.COM'
You will be prompted for the database Master Password.
It is important that you NOT FORGET this password.
Enter KDC database master key:
Re-enter KDC database master key to verify:
kdb5_util: No such file or directory while creating database '/var/kerberos/krb5kdc/principal'
You need to stop the KDC services, remove the old KDC database, and run the command again:
$ /etc/init.d/krb5kdc stop
$ /etc/init.d/kadmin stop
$ kdb5_util destroy
$ icm_client security -i
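
A pre-flight check for the situation above, as an added example that is not part of the original article or of icm_client. It assumes the default MIT Kerberos DB2 layout, in which the database "principal" is stored as principal, principal.ok, principal.kadm5 and principal.kadm5.lock next to a stash file .k5.<REALM>; the function names kdc_db_state and kdc_db_report are hypothetical.

```shell
#!/bin/sh
# Added example: classify leftover KDC database state before running
# "icm_client security -i". File names are an assumption based on the
# default MIT Kerberos DB2 backend and stash file naming.

kdc_db_state() {
    # $1 = KDC directory (defaults to the path shown in the error output)
    dir="${1:-/var/kerberos/krb5kdc}"
    found=0
    missing=0
    for f in principal principal.ok principal.kadm5 principal.kadm5.lock; do
        if [ -e "$dir/$f" ]; then
            found=$((found + 1))
        else
            missing=$((missing + 1))
        fi
    done
    # A stash file (.k5.<REALM>) is written by "kdb5_util create -s".
    stash=0
    for s in "$dir"/.k5.*; do
        if [ -e "$s" ]; then stash=1; fi
    done
    if [ "$found" -eq 0 ] && [ "$stash" -eq 0 ]; then
        echo clean        # nothing left over
    elif [ "$missing" -eq 0 ]; then
        echo complete     # a full old database is still present
    else
        echo partial      # some files were removed by hand
    fi
}

kdc_db_report() {
    dir="${1:-/var/kerberos/krb5kdc}"
    case "$(kdc_db_state "$dir")" in
        clean)    echo "no old KDC database in $dir" ;;
        complete) echo "old KDC database in $dir: stop krb5kdc and kadmin, then run kdb5_util destroy" ;;
        partial)  echo "partial KDC database in $dir: some files were deleted by hand" ;;
    esac
}

kdc_db_report "$@"
```

kdb5_util destroy deletes every principal in the old realm, so confirm the previous database is no longer needed before running it.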