Dump to slave fails; "Password has expired while getting initial ticket"
Jeffrey Hutzelman
jhutz at cmu.edu
Mon Sep 5 17:56:15 EDT 2005
On Sunday, September 04, 2005 09:21:21 +0000 Yeechang Lee <ylee at pobox.com>
wrote:
> /usr/kerberos/sbin/kprop: Password has expired while getting
> initial ticket
I believe the principal you're looking for is kprop/fqdn.of.master.kdc
You should probably arrange for it not to have a password expiration
policy. If you're really paranoid, you chould change it manually once in a
while, but I don't think I know anyone _that_ paranoid.
> On a separate note, when looking through the list of principals, I
> noted a mysterious K/M at EXAMPLE.COM I don't remember creating. Based on
>
> Last modified: Thu Feb 24 21:04:42 PST 2005
> (db_creation at EXAMPLE.COM)
That principal corresponds to the master key, which is used to encrypt keys
stored in the database. It's the same master key that you have to enter
(or provide in a stash file) to get the KDC to start up.
-- Jeffrey T. Hutzelman (N3NHS) <jhutz+ at cmu.edu>
Sr. Research Systems Programmer
School of Computer Science - Research Computing Facility
Carnegie Mellon University - Pittsburgh, PA
More information about the Kerberos
mailing list