propd replication failed

[Nick Bernstein]

I'm having some problems getting kerberos propagation to a slave server
working correctly and was hoping someone might have some insight. I've
looked through the logs and they're not very verbose as well as googled for
the error, of which, I've only found one prior example of, and no fix. If
anyone has any insight, I'd be very grateful. 



Using MIT kerberos 5, I setup a kerberos kdc and a second kdc which I want
to use as a slave server. On the slave server, I set up the access list
/var/kerberos/krb5kdc/kpropd.acl which contains the following: 

host/kerberos.frontbridge.com at FRONTBRIDGE.COM
host/ks.frontbridge.com at FRONTBRIDGE.COM

and ran the propd command as follows in stand along for debugging as
recommended in the man page: 
    /usr/kerberos/sbin/kpropd -p 754 -a kpropd.acl -S -f
/var/kerberos/from_master
from the same directory as the kpropd.acl was in. 

I got the following error: 
(from on kerberos (master))
	Error text from server: Decrypt integrity check failed
[root at kerberos root]# 	/usr/kerberos/sbin/kprop -f
/tmp/20050321-1.slavedump ks.frontbridge.com
	/usr/kerberos/sbin/kprop: Server rejected authentication (during
sendauth exchange) while authenticating to server
	/usr/kerberos/sbin/kprop: Decrypt integrity check failed signalled
from server Error text from server: Decrypt integrity check failed
on the ks (slave): 
	krpopd[3026]: Connection from 192.168.1.208 
	kpropd[3026]: Error in krb5_recvauth: Decrypt integrity check failed

Anyway, if anyone could help, I'd really appreciate it, 
Thanks,
Nick



FrontBridge introduces Message Archive and Secure Email. Get leading Enterprise Message Security services from FrontBridge. www.frontbridge.com.