how to set up kerberos slave server

Jeremy Thomas Hunt jeremyh at optimation.com.au
Tue Oct 17 21:04:08 EDT 2006 

Kevin Coffman is right, you should only start the kadmind server on the 
admin_server which is the master server. Your startup script is starting 
kadmind on the slave, ... or you are manually trying to start it on the 
slave.

If it is the startup script that is starting kadmind, then I suggest you 
modify it to select the name of the master in the script as part of the 
decision to start kadmind. When the script decides it isn't running on 
the master server, it shouldn't start kadmind.

If you are trying to start kadmind manually on the slave server, then don't.

chechu chechu wrote:
> [safeTgram (optim1) receive status: NOT encrypted, NOT signed.]
>
>
> Hi¡
>
> I want to add an slave kerberos server(shinobi) to my master (shogun),
> my /etc/krb5.conf is :
>
> [libdefaults]
> 	default_realm = IRONMAN.ES
> # The following krb5.conf variables are only for MIT Kerberos.
> 	krb4_config = /etc/krb.conf
> 	krb4_realms = /etc/krb.realms
> 	kdc_timesync = 1
> 	ccache_type = 4
> 	forwardable = true
> 	proxiable = true
> 	v4_instance_resolve = false
> 	v4_name_convert = {
> 		host = {
> 			rcmd = host
> 			ftp = ftp
> 		}
> 		plain = {
> 			something = something-else
> 		}
> 	}
>
> [realms]
> IRONMAN.ES = {
> 	 kdc = shogun.ironman.es
> 	 kdc = shinobi.ironman.es
> 	admin_server = shogun.ironman.es
> }
>
>
> [domain_realm]
>    .ironman.es = IRONMAN.ES
>    ironman.es = IRONMAN.ES
>
>
> [login]
> 	krb4_convert = true
> 	krb4_get_tickets = true
>  	krb5_get_tickets = true
> [logging]
>     kdc = FILE:/var/log/kerberos/krb5kdc.log
>     admin_server = FILE:/var/log/kerberos/kadmin.log
>     default = FILE:/var/log/kerberos/krb5lib.log
>
>
> The master works right but the slave which have the same /etc/krb5.conf
> than the master don't start, the error that shows me is:
>
> shinobi:~# /etc/init.d/krb5-admin-server start
> Starting Kerberos administrative servers: kadmindkadmind: Syntax error
> in profile relation while initializing, aborting
>  failed!
>
>
>
> And kadmin.log shows...:
>
> Oct 17 12:32:55 shinobi kadmind[20615](Error): Syntax error in profile
> relation while initializing, aborting
>
> I don't know what is failing cause the same conf file works right in the
> master. someone can help me.
>
> thanks
>
>
>
>
>
>
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
>
>
>

More information about the Kerberos mailing list