kprop trouble.

Nick Palmer nick at sluggardy.net
Fri Apr 9 21:44:34 EDT 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hey all,

I am installing mit-krb5-1.2.7 again since I somehow dorked up the
master key for my database while trying to get kprop to work properly. I
am still having problems geting kprop to work properly.

I can dump my KDC just fine with kdb5_util dump. However, when I run
kprop I get an error:
# kprop -f slave_datatrans <slave>
kprop: Connection reset by peer while reading response from server

I added some syslogs to the kpropd source code, and and figured out that
kpropd is failing while it is receiving the database. The failure
happens when it is trying to decode the database size.

I can load the slave_datatrans dump file on the master KDC with
kdb5_util load and everything goes just fine, which indicates to me that
the dump file is okay. It also seems to load fine on the slave KDC,
however when I try to start krb5kdc on the slave I get an error
indicating that "krb5kdc: cannot initialize realm <REALM>". I have tried
it with both the keytab off the master and with the -m option and
entering the master key by hand and neither seems to work.

I have also tried changing krb5.conf so that the slave will think it is
the master and running kadmin.local and I get the following:
# kadmin.local
Authenticating as principal nick/admin at SLUGGARDY.NET with password.
kadmin.local: Message size is incompatible with encryption type while
initializing kadmin.local interface
I'm not sure if that helps at all.

Any suggestions?

By the way, I selected 1.2.7 since that is what the source code I have
found for pam_krb5afs claims to work with. If somebody can point me to
code for pam_krb5afs that works with the latest mit-krb5 I would be
willing to look at trying out that version.

Thanks for any help,
- -Nick
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFAd1GCWRxj7DCRpGURAgBXAKC9b6b0SuKOQzqTAK5xSv/M7YRN8QCgtbJw
uTHZ6JNFsRySi1YUpZ/1zN0=
=1n6L
-----END PGP SIGNATURE-----


More information about the Kerberos mailing list