Kerberos 5, kprop problem
Alex M. George
ag3586 at wayne.edu
Mon Apr 15 10:06:34 EDT 2002
--------------59D6FE39DC24D4195092E36C
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Hello all,
I am new to kerberos and trying to implement across campus for
authentication. Installation procedures from MIT is working fine upto
the slave server replication part, that give an error message:
kprop: Server rejected authentication (during sendauth exchange) while
authenticating to server
Generic remote error: Wrong principal in request
Listing the error messages and information. Appreciate any help.
Thanks.
On the master server (kerberos.wayne.edu)
[root at kerberos]# kadmin
Authenticating as principal admin/admin at KRB5.WAYNE.EDU with password.
Enter password:
kadmin: listprincs *
K/M at KRB5.WAYNE.EDU
admin/admin at KRB5.WAYNE.EDU
host/kerberos-1.wayne.edu at KRB5.WAYNE.EDU
host/kerberos.wayne.edu at KRB5.WAYNE.EDU
kadmin/admin at KRB5.WAYNE.EDU
kadmin/changepw at KRB5.WAYNE.EDU
kadmin/history at KRB5.WAYNE.EDU
krbtgt/KRB5.WAYNE.EDU at KRB5.WAYNE.EDU
kadmin:
kadmin:
kadmin:
kadmin: ktadd host/kerberos.wayne.edu
Entry for principal host/kerberos.wayne.edu with kvno 4, encryption type
Triple DES cbc mode with HMAC/sha1 added to keytab
WRFILE:/etc/krb5.keytab.
kadmin: ktadd host/kerberos-1.wayne.edu
Entry for principal host/kerberos-1.wayne.edu with kvno 4, encryption
type Triple DES cbc mode with HMAC/sha1 added to keytab
WRFILE:/etc/krb5.keytab.
kadmin: quit
[root at kerberos]# scp /etc/krb5.keytab
root at kerberos-1.wayne.edu:/etc/krb5.keytab
root at kerberos-1.wayne.edu's password:
krb5.keytab 100% |*****************************| 174
00:00
[root at kerberos]#
[root at kerberos]# more /opt/local/var/krb5kdc/kpropd.acl
host/kerberos.wayne.edu at KRB5.WAYNE.EDU
host/kerberos-1.wayne.edu at KRB5.WAYNE.EDU
[root at kerberos]#
[root at kerberos]# more /etc/inetd.conf
300326/4 tli rpc/tcp wait root
/platform/SUNW,Ultra-Enterprise-
10000/lib/dr_daemon dr_daemon
# rpc.metad
100229/1 tli rpc/tcp wait root
/usr/sbin/rpc.metad
rpc.metad
# rpc.metamhd
100230/1 tli rpc/tcp wait root
/usr/sbin/rpc.metamhd
rpc.metamhd
krb5_prop stream tcp nowait root /opt/local/sbin/kpropd
kpropd
eklogin stream tcp nowait root /opt/local/sbin/klogind
klogind
-k -c -e
[root at kerberos]#
[root at kerberos]# grep krb5_prop /etc/services
krb5_prop 754/tcp # Kerberos V5 KDC
propogation
[root at kerberos]# kdb5_util dump -verbose
/opt/local/var/krb5kdc/slave_datatrans
K/M at KRB5.WAYNE.EDU
admin/admin at KRB5.WAYNE.EDU
host/kerberos-1.wayne.edu at KRB5.WAYNE.EDU
host/kerberos.wayne.edu at KRB5.WAYNE.EDU
kadmin/admin at KRB5.WAYNE.EDU
kadmin/changepw at KRB5.WAYNE.EDU
kadmin/history at KRB5.WAYNE.EDU
krbtgt/KRB5.WAYNE.EDU at KRB5.WAYNE.EDU
[root at kerberos]#
[root at kerberos]# kprop -f /opt/local/var/krb5kdc/slave_datatrans
kerberos-1.wayne.edu
kprop: Server rejected authentication (during sendauth exchange) while
authenticating to server
Generic remote error: Wrong principal in request
[root at kerberos]# tail /var/log/krb5kdc.log
Apr 15 09:50:49 kerberos.wayne.edu krb5kdc[19336](info): AS_REQ (2
etypes {16 1}) 141.217.1.205(88): ISSUE: authtime 1018878649, etypes
{rep=16 tkt=16 ses=16}, host/kerberos.wayne.edu at KRB5.WAYNE.EDU for
host/kerberos-1.wayne.edu at KRB5.WAYNE.EDU
On the slave machine (kerberos-1.wayne.edu)
[root at kerberos-1]# grep prop /etc/services
krb5_prop 754/tcp # Kerberos V5 KDC
propogation
[root at kerberos-1]#
[root at kerberos-1]# more /opt/local/var/krb5kdc/kpropd.acl
host/kerberos.wayne.edu at KRB5.WAYNE.EDU
host/kerberos-1.wayne.edu at KRB5.WAYNE.EDU
[root at kerberos-1]#
Alex George.
Sr. System Engineer.
Wayne State Univeristy.
--------------59D6FE39DC24D4195092E36C
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit
<!doctype html public "-//w3c//dtd html 4.0 transitional//en">
<html>
Hello all,
<p>I am new to kerberos and trying to implement across campus for authentication.
Installation procedures from MIT is working fine upto the slave server
replication part, that give an error message:
<p><b>kprop: Server rejected authentication (during sendauth exchange)
while authenticating to server</b>
<br><b>Generic remote error: Wrong principal in request</b>
<br>
<p>Listing the error messages and information. Appreciate any help.
Thanks.
<br>
<p><b><i><u>On the master server (kerberos.wayne.edu)</u></i></b>
<p>[root at kerberos]# kadmin
<br>Authenticating as principal admin/admin at KRB5.WAYNE.EDU with password.
<br>Enter password:
<br>kadmin: listprincs *
<br>K/M at KRB5.WAYNE.EDU
<br>admin/admin at KRB5.WAYNE.EDU
<br>host/kerberos-1.wayne.edu at KRB5.WAYNE.EDU
<br>host/kerberos.wayne.edu at KRB5.WAYNE.EDU
<br>kadmin/admin at KRB5.WAYNE.EDU
<br>kadmin/changepw at KRB5.WAYNE.EDU
<br>kadmin/history at KRB5.WAYNE.EDU
<br>krbtgt/KRB5.WAYNE.EDU at KRB5.WAYNE.EDU
<br>kadmin:
<br>kadmin:
<br>kadmin:
<br>kadmin: ktadd host/kerberos.wayne.edu
<br>Entry for principal host/kerberos.wayne.edu with kvno 4, encryption
type Triple DES cbc mode with HMAC/sha1 added to keytab WRFILE:/etc/krb5.keytab.
<br>kadmin: ktadd host/kerberos-1.wayne.edu
<br>Entry for principal host/kerberos-1.wayne.edu with kvno 4, encryption
type Triple DES cbc mode with HMAC/sha1 added to keytab WRFILE:/etc/krb5.keytab.
<br>kadmin: quit
<p>[root at kerberos]# scp /etc/krb5.keytab root at kerberos-1.wayne.edu:/etc/krb5.keytab
<br>root at kerberos-1.wayne.edu's password:
<br>krb5.keytab 100%
|*****************************| 174
00:00
<br>[root at kerberos]#
<br>[root at kerberos]# more /opt/local/var/krb5kdc/kpropd.acl
<br>host/kerberos.wayne.edu at KRB5.WAYNE.EDU
<br>host/kerberos-1.wayne.edu at KRB5.WAYNE.EDU
<p>[root at kerberos]#
<br>[root at kerberos]# more /etc/inetd.conf
<br>300326/4 tli
rpc/tcp wait root /platform/SUNW,Ultra-Enterprise-
<br>10000/lib/dr_daemon dr_daemon
<br># rpc.metad
<br>100229/1 tli
rpc/tcp wait
root /usr/sbin/rpc.metad
<br>rpc.metad
<br># rpc.metamhd
<br>100230/1 tli
rpc/tcp wait
root /usr/sbin/rpc.metamhd
<br>rpc.metamhd
<br>krb5_prop stream tcp
nowait root /opt/local/sbin/kpropd kpropd
<br>eklogin stream
tcp nowait root /opt/local/sbin/klogind
klogind
<br>-k -c -e
<p>[root at kerberos]#
<br>[root at kerberos]# grep krb5_prop /etc/services
<br>krb5_prop 754/tcp
# Kerberos V5 KDC propogation
<p>[root at kerberos]# kdb5_util dump -verbose /opt/local/var/krb5kdc/slave_datatrans
<br>K/M at KRB5.WAYNE.EDU
<br>admin/admin at KRB5.WAYNE.EDU
<br>host/kerberos-1.wayne.edu at KRB5.WAYNE.EDU
<br>host/kerberos.wayne.edu at KRB5.WAYNE.EDU
<br>kadmin/admin at KRB5.WAYNE.EDU
<br>kadmin/changepw at KRB5.WAYNE.EDU
<br>kadmin/history at KRB5.WAYNE.EDU
<br>krbtgt/KRB5.WAYNE.EDU at KRB5.WAYNE.EDU
<br>[root at kerberos]#
<br><b>[root at kerberos]# kprop -f /opt/local/var/krb5kdc/slave_datatrans
kerberos-1.wayne.edu</b>
<br><b>kprop: Server rejected authentication (during sendauth exchange)
while authenticating to server</b>
<br><b>Generic remote error: Wrong principal in request</b>
<p>[root at kerberos]# tail /var/log/krb5kdc.log
<br>Apr 15 09:50:49 kerberos.wayne.edu krb5kdc[19336](info): AS_REQ (2
etypes {16 1}) 141.217.1.205(88): ISSUE: authtime 1018878649, etypes {rep=16
tkt=16 ses=16}, host/kerberos.wayne.edu at KRB5.WAYNE.EDU for host/kerberos-1.wayne.edu at KRB5.WAYNE.EDU
<p><b><i><u>On the slave machine (kerberos-1.wayne.edu)</u></i></b>
<p>[root at kerberos-1]# grep prop /etc/services
<br>krb5_prop 754/tcp
# Kerberos V5 KDC propogation
<br>[root at kerberos-1]#
<p>[root at kerberos-1]# more /opt/local/var/krb5kdc/kpropd.acl
<br>host/kerberos.wayne.edu at KRB5.WAYNE.EDU
<br>host/kerberos-1.wayne.edu at KRB5.WAYNE.EDU
<p>[root at kerberos-1]#
<br>
<br>
<p>Alex George.
<br>Sr. System Engineer.
<br>Wayne State Univeristy.
<br> </html>
--------------59D6FE39DC24D4195092E36C--
More information about the Kerberos
mailing list