10.3 kdb5_ldap_util

On creating a realm, the error message displayed is “create: Realm creation FAILED:[2] Set Master key failed while creating realm ‘ATHENA.MIT.EDU’”

Possible Cause: The LDAP extension was not added
Action: Use kdb5_ldap_util to add the LDAP extension. For example:

kdb5_ldap_util -D cn=admin,o=org -w secret ldapxtn_info -add

Possible Cause: The LDAP extension was not loaded
Action: Load the LDAP extension by restarting the LDAP server

The create_service or setsrvpw commands fail to set the service object password, with the error message “FAILED: DSA is unwilling to perform. Failed to set password for service object”

Possible Cause: The password might be violating the password policy configured for the container in which the service object is created.
Action: If the password is specified manually, ensure that the password adheres to the policy that is configured.

If the -randpw option is used, ensure that the password policy allows a password of 128 characters.

destroy: Realm Delete FAILED: Operation not allowed on nonleaf deleting database of ‘ATHENA.MIT.EDU’

Possible Cause: The realm name is case sensitive. Specify the realm name in the same case that was specified during its creation. The destroy realm operation deletes all the principals in the realm before the realm is deleted. If the case of the realm name specified during the destroy operation is different from that specified during creation, the principals under the realm are not deleted, because principal names include the realm name, which is case sensitive. If the principals under the realm object are not deleted, the realm destroy operation fails.
Action: Make sure you specify the realm name in the same case as specified during creation.
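
A preflight check for the realm-name case problem described above, as an added example that is not part of the original guide or of kdb5_ldap_util itself. The function name check_realm_case and the sample realm list are constructed for illustration; the input is assumed to be one realm name per line, such as the output of the kdb5_ldap_util list command.

```shell
# Added example. Constructed sample input: one realm name per line.
SAMPLE_REALMS='ATHENA.MIT.EDU
Media-Lab.MIT.EDU'

# check_realm_case REQUESTED
# Reads realm names on stdin and compares them with REQUESTED.
# Prints and returns:
#   exact:<name>  (0)  REQUESTED matches an existing realm byte for byte
#   case:<name>   (1)  a realm exists that differs only in case; a destroy
#                      with REQUESTED would hit the nonleaf failure
#   missing       (2)  no realm matches, even ignoring case
check_realm_case() {
    requested=$1
    want_lc=$(printf '%s' "$requested" | tr '[:upper:]' '[:lower:]')
    near=""
    # The "|| [ -n ... ]" keeps a final line that lacks a trailing newline.
    while IFS= read -r realm || [ -n "$realm" ]; do
        # Drop spaces, tabs and carriage returns around the name.
        realm=$(printf '%s' "$realm" | tr -d '[:space:]')
        [ -n "$realm" ] || continue
        if [ "$realm" = "$requested" ]; then
            printf 'exact:%s\n' "$realm"
            return 0
        fi
        realm_lc=$(printf '%s' "$realm" | tr '[:upper:]' '[:lower:]')
        if [ "$realm_lc" = "$want_lc" ] && [ -z "$near" ]; then
            near=$realm   # remember the correctly cased spelling
        fi
    done
    if [ -n "$near" ]; then
        printf 'case:%s\n' "$near"
        return 1
    fi
    printf 'missing\n'
    return 2
}
```

Pipe the realm list into the function and run destroy only when it prints exact:; on case:, rerun destroy with the spelling it reports.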