Kerberos 5, kprop problem

Srinivas Cheruku csri at sonata-software.com
Tue Apr 16 08:34:49 EDT 2002


Look at the kdc logs. Then you will come to know whcih service principal it
is looking for and from that you can make out why it is going wrong.

Srini

> -----Original Message-----
> From: Norbert Veber [mailto:nveber at pyre.virge.net]
> Sent: Tuesday, April 16, 2002 12:39 AM
> To: kerberos at mit.edu
> Subject: Re: Kerberos 5, kprop problem
> 
> 
> In article <3CBADE69.A8AF95AA at wayne.edu>, Alex M. George wrote:
> > 
> > --------------59D6FE39DC24D4195092E36C
> > Content-Type: text/plain; charset=us-ascii
> > Content-Transfer-Encoding: 7bit
> > 
> > Hello all,
> > 
> > I am new to kerberos and trying to implement across campus for
> > authentication.  Installation procedures from MIT is 
> working fine upto
> > the slave server replication part, that give an error message:
> > 
> > kprop: Server rejected authentication (during sendauth 
> exchange) while
> > authenticating to server
> > Generic remote error: Wrong principal in request
> 
> I have the same configuration, with inetd.conf setup, keys exported to
> /etc/krb5.keytab, host principals added, kpropd.acl setup, etc.
> Everything works but the propagation.  I get a different 
> error than Alex
> though:
> root at abel[904:~]# /usr/local/sbin/kprop -d -f
> /usr/local/var/krb5kdc/slave_datatrans kerberos-1.domain.com
> /usr/local/sbin/kprop: Client not found in Kerberos database while
> getting initial ticket
> 
> I read the installation manual several times to make sure I set
> everything as instructed, and could find nothing wrong.  I 
> also read the
> FAQ.
> 
> The master server is Solaris 7.  I have two slave servers 
> (debian/potato
> and freebsd 4.5).  The propagation doesnt work with either of 
> them, and
> nothing gets printed in the logs.  All are running MIT 
> krb5-1.2.4, built
> from source.
> 
> Any ideas?
> 
> Thanks,
> 
> Norbert
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> http://mailman.mit.edu/mailman/listinfo/kerberos
> 
*********************************************************************
Disclaimer: The information in this e-mail and any attachments is
confidential / privileged. It is intended solely for the addressee or
addressees. If you are not the addressee indicated in this message, you may
not copy or deliver this message to anyone. In such case, you should destroy
this message and kindly notify the sender by reply email. Please advise
immediately if you or your employer does not consent to Internet email for
messages of this kind.
*********************************************************************



More information about the Kerberos mailing list