I have to say up front that it is generally agreed that putting any database
file on a NFS filesystem is a bad idea. Also, it kind of sounds like
your multiple KDCs are serving the SAME database file? If so, THAT is
a huge problem!
I am looking at newer Kerberos code, so perhaps this has changed, but
that error comes from krb5_db_destroy() failing. For DB2, that ends
up calling krb5_db2_destroy(). That function does a lot of things,
and it's hard at a glance to figure out which part of it is failing; I
suspect the only way to figure out what is going wrong there is to build
a version of Kerberos with full debugging symbols and set a breakpoint
on krb5_db2_destroy(). I have a strong suspicion that the database file
is getting corrupted in a such a way that the other routines cannot
recover, and that's likely due to the use of NFS (especially if multiple
KDCs are using the same database file).

--Ken

A message queue is typically a better way to synchronize a cluster.
The bonus is that you can track adds, deletes, and modifies via historian.
Anchors in Relative Time!?

-----Original Message-----
From: Kerberos <kerberos-***@mit.edu> On Behalf Of Ken Hornstein via Kerberos
Sent: Monday, March 4, 2024 10:56 AM
To: rachit chokshi <***@gmail.com>
Cc: ***@mit.edu
Subject: Re: kdb5_util-1.15.1: Invalid argument while making newly loaded database live
I have to say up front that it is generally agreed that putting any database file on a NFS filesystem is a bad idea. Also, it kind of sounds like your multiple KDCs are serving the SAME database file? If so, THAT is a huge problem!
I am looking at newer Kerberos code, so perhaps this has changed, but that error comes from krb5_db_destroy() failing. For DB2, that ends up calling krb5_db2_destroy(). That function does a lot of things, and it's hard at a glance to figure out which part of it is failing; I suspect the only way to figure out what is going wrong there is to build a version of Kerberos with full debugging symbols and set a breakpoint on krb5_db2_destroy(). I have a strong suspicion that the database file is getting corrupted in a such a way that the other routines cannot recover, and that's likely due to the use of NFS (especially if multiple KDCs are using the same database file).

--Ken
________________________________________________
Kerberos mailing list ***@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
THIS MESSAGE IS FOR THE USE OF THE INTENDED RECIPIENT(S) ONLY AND MAY CONTAIN INFORMATION THAT IS PRIVILEGED, PROPRIETARY, CONFIDENTIAL, AND/OR EXEMPT FROM DISCLOSURE UNDER ANY RELEVANT PRIVACY LEGISLATION. No rights to any privilege have been waived. If you are not the intended recipient, you are hereby notified that any review, re-transmission, dissemination, distribution, copying, conversion to hard copy, taking of action in reliance on or other use of this communication is strictly prohibited. If you are not the intended recipient and have received this message in error, please notify me by return e-mail and delete or destroy all copies of this message.