Kerberos Slave Propagation

ms419@freezone.co.uk ms419 at freezone.co.uk
Tue Dec 23 02:46:34 EST 2003


Hello. I am having trouble propagating my Kerberos database to a slave 
KDC. Honestly, I don't know what I'm doing. I have, however, read 
absolutely every piece of documentation available. I am stuck.

My master KDC and admin server are a Debian Linux machine running the 
MIT Kerberos implementation. I installed these myself according to 
instructions. They work without problem. My slave KDC is a Mac OS 10.3, 
Panther, machine.

DNS has been correctly configured for each machine.

host wum.lat
wum.lat has address 192.168.179.73

host 192.168.179.73
73.179.168.192.in-addr.arpa domain name pointer wum.lat.

host sil.fis.lat
sil.fis.lat has address 192.168.179.43

host 192.168.179.43
43.179.168.192.in-addr.arpa domain name pointer sil.fis.lat.

/etc/krb5.conf on the Linux machine and 
/Library/Preferences/edu.mit.Kerberos on the Panther machine have been 
correctly configured.

[libdefaults]
         default_realm = LAT

[realms]
         LAT = {
                 kdc = wum.lat
                 kdc = sil.fis.lat
                 admin_server = wum.lat
         }

The principals host/wum.lat and host/sil.fis.lat have been added to the 
database. Using kadmin, I extracted the principal host/wum.lat on 
wum.lat and the principal host/sil.fis.lat on sil.fis.lat.

On the Panther machine, I created /var/db/krb5kdc/kpropd.acl.

host/wum.lat@LAT
host/sil.fis.lat@LAT

I also created /etc/xinetd.d/krb5_prop.

service krb5_prop
{
         disable = no
         socket_type     = stream
         wait            = no
         user            = root
         server          = /usr/sbin/kpropd
         groups          = yes
         flags           = REUSE
}

Finally, I added krb5_prop 754/tcp to /etc/services.

On the Linux machine, I ran kdb5_util dump 
/var/lib/krb5kdc/slave_datatrans. Running kprop sil.fis.lat, however, 
fails.

kprop: Server rejected authentication (during sendauth exchange) while 
authenticating to server
Generic remote error: Wrong principal in request

I have rechecked every step. I followed the instructions exactly, 
except that I haven't set up klogind on Panther. klogind is not included 
with the Kerberos distribution for Panther.

What is the problem?

Thanks,

Jack
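
Added example, not part of the original message: a shell check that the host/<fqdn>@REALM principals named in the post appear both in kpropd.acl and in the replica's keytab listing. The function names are hypothetical, and the keytab listing is constructed sample data in `klist -k` format; the realm and host names are the ones from the post.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Build the host principal for a KDC, e.g. host/sil.fis.lat@LAT.
expected_principal() { printf 'host/%s@%s\n' "$1" "$2"; }

# True if PRINCIPAL appears as an exact whole line in the kpropd.acl file.
acl_has() { grep -Fqx -- "$2" "$1"; }

# True if PRINCIPAL appears in the principal column of saved `klist -k` output.
keytab_has() { awk -v p="$2" '$2 == p { found = 1 } END { exit !found }' "$1"; }

# check_propagation REALM MASTER REPLICA ACL_FILE KLIST_FILE
# Prints one line per problem and returns the number of problems found.
check_propagation() {
    realm=$1; master=$2; replica=$3; acl=$4; klist_out=$5; problems=0
    for h in "$master" "$replica"; do
        p=$(expected_principal "$h" "$realm")
        if ! acl_has "$acl" "$p"; then
            echo "kpropd.acl: no entry for $p"; problems=$((problems + 1))
        fi
    done
    p=$(expected_principal "$replica" "$realm")
    if ! keytab_has "$klist_out" "$p"; then
        echo "replica keytab: no key for $p"; problems=$((problems + 1))
    fi
    return "$problems"
}

# Constructed sample data: the ACL from the post and a made-up keytab listing
# whose host key was created under a short host name.
demo=$(mktemp -d)
printf '%s\n' 'host/wum.lat@LAT' 'host/sil.fis.lat@LAT' > "$demo/kpropd.acl"
cat > "$demo/klist.txt" <<'EOF'
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- ------------------------------
   3 host/sil@LAT
EOF
check_propagation LAT wum.lat sil.fis.lat "$demo/kpropd.acl" "$demo/klist.txt" \
    || echo "problems found: $?"
rm -rf "$demo"
```

On a real replica, save the output of `klist -k` for the keytab that kpropd reads and pass that file as the last argument.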


