kprop

[Russ Allbery]

Ted Kaczmarek <tedkaz at optonline.net> writes:

> I am having problem with kprop. Linux distro Centos 4.0(RH ES4 clone).

> /usr/kerberos/sbin/kprop: Server rejected authentication (during
> sendauth exchange) while authenticating to server
> /usr/kerberos/sbin/kprop: Decrypt integrity check failed signalled from
> server
> Error text from server: Decrypt integrity check failed

Make sure that the master is using the real name (A record) for the slave
when running kprop and the kpropd.acl file on the slave lists the identity
of the master.  This problem is probably unrelated to anything in
krb5.conf.

> Also am a tad confused as to exactly what admin_server should be for the
> slave.  Should it be the master or the slave.

It should be the master.  All changes (which is what the admin server
does) have to go through the master.

> Since from what I have read Kerberos has no clue whether it itself is a
> master or a slave.

The master is the system on which you're running kadmind.  You only want
to run that on one system, and that's the system that should be using
kprop to push the database to your slaves.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>