Setting up slave KDC when realm info is in LDAP (initially created with kdb5_ldap_util)
Greg Hudson
ghudson at MIT.EDU
Mon Jun 7 14:51:51 EDT 2010
On Sat, 2010-06-05 at 13:43 -0400, Holger Rauch wrote:
> When I try to start the slave KDC on host kdchost2.our.domain, I see
> this error message in /var/log/kerberos/krb5kdc.log, even though I
> copied the service.keyfile from the master KDC:
>
> krb5kdc: Cannot find/read stored master key - while fetching master
> key K/M for realm OUR.DOMAIN
There are two key files used in a deployment like yours, one containing
the passwords used to bind to the LDAP server, and another containing a
"master key" which encrypts key information.
The master key stash file should be named /var/krb5kdc/.k5.OUR.DOMAIN
since you haven't overridden its location.
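As an added example (not part of this thread), a small POSIX shell check for the two files Greg describes: it reads ldap_service_password_file and key_stash_file from a kdc.conf, falls back to <kdc_dir>/.k5.<REALM> for the stash (in this thread that directory is /var/krb5kdc), and reports which of the two is missing. The kdc.conf, directory and realm in the demo are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Checks that a slave KDC has both key
# files: the LDAP bind-password stash (ldap_service_password_file) and the
# master key stash (key_stash_file, default <kdc_dir>/.k5.<REALM>).
# Simplification: kdc.conf is scanned line by line, ignoring section headers.

conf_value() {            # conf_value KEY FILE -> first "KEY = value" found
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" | head -n 1
}

stash_path() {            # stash_path REALM CONF KDC_DIR
    v=$(conf_value key_stash_file "$2")
    if [ -n "$v" ]; then printf '%s\n' "$v"; else printf '%s/.k5.%s\n' "$3" "$1"; fi
}

check_key_files() {       # check_key_files REALM CONF KDC_DIR -> 0 only if both readable
    stash=$(stash_path "$1" "$2" "$3")
    ldappw=$(conf_value ldap_service_password_file "$2")
    rc=0
    if [ -r "$stash" ]; then echo "ok: master key stash $stash"
    else echo "MISSING: master key stash $stash (copy .k5.REALM from the master KDC)"; rc=1; fi
    if [ -z "$ldappw" ]; then echo "MISSING: ldap_service_password_file not set in $2"; rc=1
    elif [ -r "$ldappw" ]; then echo "ok: LDAP service password file $ldappw"
    else echo "MISSING: LDAP service password file $ldappw"; rc=1; fi
    return $rc
}

# Constructed demo: a temp "kdc dir" with only the LDAP keyfile copied over,
# which reproduces the state described in the question.
demo_dir=$(mktemp -d)
cat > "$demo_dir/kdc.conf" <<EOF
[dbmodules]
    openldap_ldapconf = {
        ldap_service_password_file = $demo_dir/service.keyfile
    }
EOF
: > "$demo_dir/service.keyfile"
if check_key_files OUR.DOMAIN "$demo_dir/kdc.conf" "$demo_dir"; then
    echo "unexpected: both files present"
fi
: > "$demo_dir/.k5.OUR.DOMAIN"     # stands in for the stash copied from the master
check_key_files OUR.DOMAIN "$demo_dir/kdc.conf" "$demo_dir" && echo "slave KDC key files complete"
rm -rf "$demo_dir"
```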