Kerberos 5, kprop problem

Alex M. George ag3586 at wayne.edu
Mon Apr 15 10:06:34 EDT 2002


--------------59D6FE39DC24D4195092E36C
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Hello all,

I am new to kerberos and trying to implement across campus for
authentication.  Installation procedures from MIT is working fine upto
the slave server replication part, that give an error message:

kprop: Server rejected authentication (during sendauth exchange) while
authenticating to server
Generic remote error: Wrong principal in request


Listing the error messages and information.  Appreciate any help.
Thanks.


On the master server (kerberos.wayne.edu)

[root at kerberos]# kadmin
Authenticating as principal admin/admin at KRB5.WAYNE.EDU with password.
Enter password:
kadmin:  listprincs *
K/M at KRB5.WAYNE.EDU
admin/admin at KRB5.WAYNE.EDU
host/kerberos-1.wayne.edu at KRB5.WAYNE.EDU
host/kerberos.wayne.edu at KRB5.WAYNE.EDU
kadmin/admin at KRB5.WAYNE.EDU
kadmin/changepw at KRB5.WAYNE.EDU
kadmin/history at KRB5.WAYNE.EDU
krbtgt/KRB5.WAYNE.EDU at KRB5.WAYNE.EDU
kadmin:
kadmin:
kadmin:
kadmin:  ktadd host/kerberos.wayne.edu
Entry for principal host/kerberos.wayne.edu with kvno 4, encryption type
Triple DES cbc mode with HMAC/sha1 added to keytab
WRFILE:/etc/krb5.keytab.
kadmin:  ktadd host/kerberos-1.wayne.edu
Entry for principal host/kerberos-1.wayne.edu with kvno 4, encryption
type Triple DES cbc mode with HMAC/sha1 added to keytab
WRFILE:/etc/krb5.keytab.
kadmin:  quit

[root at kerberos]# scp /etc/krb5.keytab
root at kerberos-1.wayne.edu:/etc/krb5.keytab
root at kerberos-1.wayne.edu's password:
krb5.keytab          100% |*****************************|   174
00:00
[root at kerberos]#
[root at kerberos]# more /opt/local/var/krb5kdc/kpropd.acl
host/kerberos.wayne.edu at KRB5.WAYNE.EDU
host/kerberos-1.wayne.edu at KRB5.WAYNE.EDU

[root at kerberos]#
[root at kerberos]# more /etc/inetd.conf
300326/4        tli     rpc/tcp wait    root
/platform/SUNW,Ultra-Enterprise-
10000/lib/dr_daemon     dr_daemon
# rpc.metad
100229/1        tli     rpc/tcp         wait    root
/usr/sbin/rpc.metad
rpc.metad
# rpc.metamhd
100230/1        tli     rpc/tcp         wait    root
/usr/sbin/rpc.metamhd
rpc.metamhd
krb5_prop       stream  tcp     nowait  root    /opt/local/sbin/kpropd
kpropd
eklogin         stream  tcp     nowait  root    /opt/local/sbin/klogind
klogind
-k -c -e

[root at kerberos]#
[root at kerberos]# grep krb5_prop /etc/services
krb5_prop       754/tcp                         # Kerberos V5 KDC
propogation

[root at kerberos]# kdb5_util dump -verbose
/opt/local/var/krb5kdc/slave_datatrans
K/M at KRB5.WAYNE.EDU
admin/admin at KRB5.WAYNE.EDU
host/kerberos-1.wayne.edu at KRB5.WAYNE.EDU
host/kerberos.wayne.edu at KRB5.WAYNE.EDU
kadmin/admin at KRB5.WAYNE.EDU
kadmin/changepw at KRB5.WAYNE.EDU
kadmin/history at KRB5.WAYNE.EDU
krbtgt/KRB5.WAYNE.EDU at KRB5.WAYNE.EDU
[root at kerberos]#
[root at kerberos]# kprop -f /opt/local/var/krb5kdc/slave_datatrans
kerberos-1.wayne.edu
kprop: Server rejected authentication (during sendauth exchange) while
authenticating to server
Generic remote error: Wrong principal in request

[root at kerberos]# tail /var/log/krb5kdc.log
Apr 15 09:50:49 kerberos.wayne.edu krb5kdc[19336](info): AS_REQ (2
etypes {16 1}) 141.217.1.205(88): ISSUE: authtime 1018878649, etypes
{rep=16 tkt=16 ses=16}, host/kerberos.wayne.edu at KRB5.WAYNE.EDU for
host/kerberos-1.wayne.edu at KRB5.WAYNE.EDU

On the slave machine (kerberos-1.wayne.edu)

[root at kerberos-1]# grep prop /etc/services
krb5_prop       754/tcp                         # Kerberos V5 KDC
propogation
[root at kerberos-1]#

[root at kerberos-1]# more /opt/local/var/krb5kdc/kpropd.acl
host/kerberos.wayne.edu at KRB5.WAYNE.EDU
host/kerberos-1.wayne.edu at KRB5.WAYNE.EDU

[root at kerberos-1]#



Alex George.
Sr. System Engineer.
Wayne State Univeristy.


--------------59D6FE39DC24D4195092E36C
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit

<!doctype html public "-//w3c//dtd html 4.0 transitional//en">
<html>
Hello all,
<p>I am new to kerberos and trying to implement across campus for authentication.&nbsp;
Installation procedures from MIT is working fine upto the slave server
replication part, that give an error message:
<p><b>kprop: Server rejected authentication (during sendauth exchange)
while authenticating to server</b>
<br><b>Generic remote error: Wrong principal in request</b>
<br>&nbsp;
<p>Listing the error messages and information.&nbsp; Appreciate any help.&nbsp;
Thanks.
<br>&nbsp;
<p><b><i><u>On the master server (kerberos.wayne.edu)</u></i></b>
<p>[root at kerberos]# kadmin
<br>Authenticating as principal admin/admin at KRB5.WAYNE.EDU with password.
<br>Enter password:
<br>kadmin:&nbsp; listprincs *
<br>K/M at KRB5.WAYNE.EDU
<br>admin/admin at KRB5.WAYNE.EDU
<br>host/kerberos-1.wayne.edu at KRB5.WAYNE.EDU
<br>host/kerberos.wayne.edu at KRB5.WAYNE.EDU
<br>kadmin/admin at KRB5.WAYNE.EDU
<br>kadmin/changepw at KRB5.WAYNE.EDU
<br>kadmin/history at KRB5.WAYNE.EDU
<br>krbtgt/KRB5.WAYNE.EDU at KRB5.WAYNE.EDU
<br>kadmin:
<br>kadmin:
<br>kadmin:
<br>kadmin:&nbsp; ktadd host/kerberos.wayne.edu
<br>Entry for principal host/kerberos.wayne.edu with kvno 4, encryption
type Triple DES cbc mode with HMAC/sha1 added to keytab WRFILE:/etc/krb5.keytab.
<br>kadmin:&nbsp; ktadd host/kerberos-1.wayne.edu
<br>Entry for principal host/kerberos-1.wayne.edu with kvno 4, encryption
type Triple DES cbc mode with HMAC/sha1 added to keytab WRFILE:/etc/krb5.keytab.
<br>kadmin:&nbsp; quit
<p>[root at kerberos]# scp /etc/krb5.keytab root at kerberos-1.wayne.edu:/etc/krb5.keytab
<br>root at kerberos-1.wayne.edu's password:
<br>krb5.keytab&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 100%
|*****************************|&nbsp;&nbsp; 174&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
00:00
<br>[root at kerberos]#
<br>[root at kerberos]# more /opt/local/var/krb5kdc/kpropd.acl
<br>host/kerberos.wayne.edu at KRB5.WAYNE.EDU
<br>host/kerberos-1.wayne.edu at KRB5.WAYNE.EDU
<p>[root at kerberos]#
<br>[root at kerberos]# more /etc/inetd.conf
<br>300326/4&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; tli&nbsp;&nbsp;&nbsp;&nbsp;
rpc/tcp wait&nbsp;&nbsp;&nbsp; root&nbsp;&nbsp;&nbsp; /platform/SUNW,Ultra-Enterprise-
<br>10000/lib/dr_daemon&nbsp;&nbsp;&nbsp;&nbsp; dr_daemon
<br># rpc.metad
<br>100229/1&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; tli&nbsp;&nbsp;&nbsp;&nbsp;
rpc/tcp&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; wait&nbsp;&nbsp;&nbsp;
root&nbsp;&nbsp;&nbsp; /usr/sbin/rpc.metad
<br>rpc.metad
<br># rpc.metamhd
<br>100230/1&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; tli&nbsp;&nbsp;&nbsp;&nbsp;
rpc/tcp&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; wait&nbsp;&nbsp;&nbsp;
root&nbsp;&nbsp;&nbsp; /usr/sbin/rpc.metamhd
<br>rpc.metamhd
<br>krb5_prop&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; stream&nbsp; tcp&nbsp;&nbsp;&nbsp;&nbsp;
nowait&nbsp; root&nbsp;&nbsp;&nbsp; /opt/local/sbin/kpropd kpropd
<br>eklogin&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; stream&nbsp;
tcp&nbsp;&nbsp;&nbsp;&nbsp; nowait&nbsp; root&nbsp;&nbsp;&nbsp; /opt/local/sbin/klogind
klogind
<br>-k -c -e
<p>[root at kerberos]#
<br>[root at kerberos]# grep krb5_prop /etc/services
<br>krb5_prop&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 754/tcp&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
# Kerberos V5 KDC propogation
<p>[root at kerberos]# kdb5_util dump -verbose /opt/local/var/krb5kdc/slave_datatrans
<br>K/M at KRB5.WAYNE.EDU
<br>admin/admin at KRB5.WAYNE.EDU
<br>host/kerberos-1.wayne.edu at KRB5.WAYNE.EDU
<br>host/kerberos.wayne.edu at KRB5.WAYNE.EDU
<br>kadmin/admin at KRB5.WAYNE.EDU
<br>kadmin/changepw at KRB5.WAYNE.EDU
<br>kadmin/history at KRB5.WAYNE.EDU
<br>krbtgt/KRB5.WAYNE.EDU at KRB5.WAYNE.EDU
<br>[root at kerberos]#
<br><b>[root at kerberos]# kprop -f /opt/local/var/krb5kdc/slave_datatrans
kerberos-1.wayne.edu</b>
<br><b>kprop: Server rejected authentication (during sendauth exchange)
while authenticating to server</b>
<br><b>Generic remote error: Wrong principal in request</b>
<p>[root at kerberos]# tail /var/log/krb5kdc.log
<br>Apr 15 09:50:49 kerberos.wayne.edu krb5kdc[19336](info): AS_REQ (2
etypes {16 1}) 141.217.1.205(88): ISSUE: authtime 1018878649, etypes {rep=16
tkt=16 ses=16}, host/kerberos.wayne.edu at KRB5.WAYNE.EDU for host/kerberos-1.wayne.edu at KRB5.WAYNE.EDU
<p><b><i><u>On the slave machine (kerberos-1.wayne.edu)</u></i></b>
<p>[root at kerberos-1]# grep prop /etc/services
<br>krb5_prop&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 754/tcp&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
# Kerberos V5 KDC propogation
<br>[root at kerberos-1]#
<p>[root at kerberos-1]# more /opt/local/var/krb5kdc/kpropd.acl
<br>host/kerberos.wayne.edu at KRB5.WAYNE.EDU
<br>host/kerberos-1.wayne.edu at KRB5.WAYNE.EDU
<p>[root at kerberos-1]#
<br>&nbsp;
<br>&nbsp;
<p>Alex George.
<br>Sr. System Engineer.
<br>Wayne State Univeristy.
<br>&nbsp;</html>

--------------59D6FE39DC24D4195092E36C--




More information about the Kerberos mailing list