Dump to slave fails; "Password has expired while getting initial ticket"
Yeechang Lee
ylee at pobox.com
Sun Sep 4 05:21:21 EDT 2005
I've been happily using Kerberos as a single sign-on on my little home
network for the past 6 1/2 months. In root's crontab on the master KDC
I have a line that calls a shell script that dumps the database and
calls kprop to distribute it to a slave server every 15 minutes.

Today I noticed that the propagation process last succeeded about ten
days or so ago, specifically right after the six-month anniversary of my
having started using Kerberos (and having had my primary user's
Kerberos password expire for the first time).

Let us assume I am on realm EXAMPLE.COM in network example.com. When,
on my master KDC, I type

    $ sudo kprop -f /var/kerberos/krb5kdc/slave_datatrans \
          slave_server.example.com

I am told

    /usr/kerberos/sbin/kprop: Password has expired while getting initial ticket

(And yes, kpropd is already running on slave_server.) Is this a case
of one of the kadmin principals' passwords also having expired? If so,
is it kadmin/admin, kadmin/changepw, kadmin/history, or what? (For
that matter, what are these principals for, anyway?) Or am I
misunderstanding the error message?

On a separate note, when looking through the list of principals, I
noted a mysterious K/M@EXAMPLE.COM I don't remember creating. Based on

    Last modified: Thu Feb 24 21:04:42 PST 2005
    (db_creation@EXAMPLE.COM)

(The date I started using Kerberos) I presume it's some sort of
administrative entry, but what does it do?

--
<URL:http://www.pobox.com/~ylee/> PERTH ----> *
Homemade 2.8TB RAID 5 storage array:
<URL:http://groups.google.ca/groups?selm=slrnd1g04a.5mt.ylee%40pobox.com>