Symptoms: kadmin -l list \* takes forever, kadmin -l dump -f kadmin.dump doesn't finish either, and in the generated kadmin.dump, principals occur time and again. The longer the command is left running, the more often they are repeated. Also, db4.6_dump /var/lib/heimdal-kdc/heimdal.db won't finish. And there is no usable backup.

So we do:

#!/bin/bash

HDD=/var/lib/heimdal-kdc

echo "script stopping Kerberos KDC" \
&& /etc/init.d/heimdal-kdc stop \
&& echo "script tarring ${HDD} to /var/lib/heimdal-kdc.tgz" \
&& tar cvzf /var/lib/heimdal-kdc.tgz ${HDD} \
&& echo "script dumping Kerberos database using db4.6_dump" \
&& db4.6_dump -r -f ${HDD}/heimdal.dump ${HDD}/heimdal.db \
&& echo "script removing old db files" \
&& mv ${HDD}/log* ${HDD}/heimdal.db ./ \
&& echo "script restoring dump" \
&& time db4.6_load -f ${HDD}/heimdal.dump ${HDD}/heimdal.db \
&& echo "script stopping Kerberos KDC" \
&& /etc/init.d/heimdal-kdc start
    

This takes about ten seconds for a couple of hundred principals and a modest kdc.log. After the fix, the symptoms are gone.