propd replication failed
Nick Bernstein
nbernstein at frontbridge.com
Mon Mar 28 21:40:09 EST 2005
I'm having some problems getting kerberos propagation to a slave server
working correctly and was hoping someone might have some insight. I've
looked through the logs and they're not very verbose as well as googled for
the error, of which, I've only found one prior example of, and no fix. If
anyone has any insight, I'd be very grateful.
Using MIT kerberos 5, I setup a kerberos kdc and a second kdc which I want
to use as a slave server. On the slave server, I set up the access list
/var/kerberos/krb5kdc/kpropd.acl which contains the following:
host/kerberos.frontbridge.com at FRONTBRIDGE.COM
host/ks.frontbridge.com at FRONTBRIDGE.COM
and ran the propd command as follows in stand along for debugging as
recommended in the man page:
/usr/kerberos/sbin/kpropd -p 754 -a kpropd.acl -S -f
/var/kerberos/from_master
from the same directory as the kpropd.acl was in.
I got the following error:
(from on kerberos (master))
Error text from server: Decrypt integrity check failed
[root at kerberos root]# /usr/kerberos/sbin/kprop -f
/tmp/20050321-1.slavedump ks.frontbridge.com
/usr/kerberos/sbin/kprop: Server rejected authentication (during
sendauth exchange) while authenticating to server
/usr/kerberos/sbin/kprop: Decrypt integrity check failed signalled
from server Error text from server: Decrypt integrity check failed
on the ks (slave):
krpopd[3026]: Connection from 192.168.1.208
kpropd[3026]: Error in krb5_recvauth: Decrypt integrity check failed
Anyway, if anyone could help, I'd really appreciate it,
Thanks,
Nick
FrontBridge introduces Message Archive and Secure Email. Get leading Enterprise Message Security services from FrontBridge. www.frontbridge.com.
More information about the Kerberos
mailing list