kprop between master (solaris) and slave (mandriva)

Marcin N nichu at
Fri Apr 11 09:48:09 EDT 2008

I would like to make replication between two hosts with different OS's - 
solaris as master and mandriva as slave.

On master everything seems to be OK.
So on slave I initialized databases
kdb5_util create -r NET.COM -s

On both sides I run
kpropd -S

On both sides krb5.conf looks like:
         default_realm = NET.COM
          NET.COM = {
                 admin_server = master0
                 kdc = master0
                 kdc = slave
                 master_kdc = master0
[domain_realm] = NET.COM = NET.COM
         default = FILE:/var/krb5/kdc.log
         kdc = FILE:/var/krb5/kdc.log

host/ at NET.COM
host/ at NET.COM
host/master0 at NET.COM

there are entries for both hosts in krb database on both sides as well, 
I even turn off firewall on both sides to check...

and when I try to propagate data
/usr/lib/krb5/kprop -d -f krb5.dump

there is error:
/usr/lib/krb5/kprop: Server rejected authentication (during sendauth 
exchange) while authenticating to server
Generic remote error: Wrong principal in request

in kdc.log on master
Apr 11 15:24:01 master0 krb5kdc[24492](info): AS_REQ (5 etypes {17 16 23 
3 1}) NEEDED_PREAUTH: host/master0 at NET.COM for 
host/ at NET.COM, Additional pre-authentication required
Apr 11 15:24:01 master0 krb5kdc[24492](info): AS_REQ (5 etypes {17 16 23 
3 1}) ISSUE: authtime 1207920241, etypes {rep=17 tkt=17 
ses=17}, host/master0 at NET.COM for host/ at NET.COM

I read somewhere that I need to copy krb5.keytab from master to slave - 
and I did and it didn't help.

Maybe it's due to differences in software?!
on solaris I have installed packets from CD:
svcadm enable svc:/network/security/krb5kdc
svcadm enable svc:/network/security/krb5_prop
svcadm enable svc:/network/security/kadmin

on mandriva via urpmi

Thank You in advance for any help


More information about the Kerberos mailing list