kprop between master (solaris) and slave (mandriva)

Marcin N nichu at CUT.onet.pl
Fri Apr 11 09:48:09 EDT 2008


Hello
I would like to set up replication between two hosts with different OSes -
Solaris as master and Mandriva as slave.

On master everything seems to be OK.
So on the slave I initialized the database:
kdb5_util create -r NET.COM -s

On both sides I run
kpropd -S

On both sides krb5.conf looks like:
===============================================
[libdefaults]
         default_realm = NET.COM
[realms]
          NET.COM = {
                 admin_server = master0
                 kdc = master0
                 kdc = slave
                 master_kdc = master0
         }
[domain_realm]
         .net.com = NET.COM
         net.com = NET.COM
[logging]
         default = FILE:/var/krb5/kdc.log
         kdc = FILE:/var/krb5/kdc.log
===============================================
kpropd.acl

host/slave.net.com@NET.COM
host/master0.net.com@NET.COM
host/master0@NET.COM
host/slave
host/master0

There are entries for both hosts in the krb database on both sides as well;
I even turned off the firewall on both sides to check...

and when I try to propagate data
/usr/lib/krb5/kprop -d -f krb5.dump slave.net.com

there is an error:
/usr/lib/krb5/kprop: Server rejected authentication (during sendauth 
exchange) while authenticating to server
Generic remote error: Wrong principal in request

in kdc.log on master
Apr 11 15:24:01 master0 krb5kdc[24492](info): AS_REQ (5 etypes {17 16 23 3 1}) 192.168.5.5: NEEDED_PREAUTH: host/master0@NET.COM for host/slave.net.com@NET.COM, Additional pre-authentication required
Apr 11 15:24:01 master0 krb5kdc[24492](info): AS_REQ (5 etypes {17 16 23 3 1}) 192.168.5.5: ISSUE: authtime 1207920241, etypes {rep=17 tkt=17 ses=17}, host/master0@NET.COM for host/slave.net.com@NET.COM

I read somewhere that I need to copy krb5.keytab from master to slave - 
and I did and it didn't help.

Maybe it's due to differences in software?!
On Solaris I have installed packages from CD:
svcadm enable svc:/network/security/krb5kdc
svcadm enable svc:/network/security/krb5_prop
svcadm enable svc:/network/security/kadmin

on mandriva via urpmi
krb5-workstation-1.4.2-2.2.20060mdk
libkrb53-1.4.2-2.2.20060mdk
krb5-server-1.4.2-2.2.20060mdk

Thank you in advance for any help

Regards
nichu
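
Added example, not part of the original post: a small parser for the two kdc.log entries quoted above that extracts the client and service principal of each request and checks the client against the kpropd.acl list. The function names are hypothetical, the archive's " at " is written as "@", and treating a realm-less ACL entry as belonging to the default realm is an assumption.

```python
import re

# Constructed sample: the two kdc.log entries quoted in the post, with wrapped
# lines rejoined and the archive's " at " restored to "@".
SAMPLE_LOG = """\
Apr 11 15:24:01 master0 krb5kdc[24492](info): AS_REQ (5 etypes {17 16 23 3 1}) 192.168.5.5: NEEDED_PREAUTH: host/master0@NET.COM for host/slave.net.com@NET.COM, Additional pre-authentication required
Apr 11 15:24:01 master0 krb5kdc[24492](info): AS_REQ (5 etypes {17 16 23 3 1}) 192.168.5.5: ISSUE: authtime 1207920241, etypes {rep=17 tkt=17 ses=17}, host/master0@NET.COM for host/slave.net.com@NET.COM
"""

# kpropd.acl entries as listed in the post.
SAMPLE_ACL = """\
host/slave.net.com@NET.COM
host/master0.net.com@NET.COM
host/master0@NET.COM
host/slave
host/master0
"""

REQ_RE = re.compile(
    r"krb5kdc\[\d+\]\(\w+\): (?P<type>AS_REQ|TGS_REQ) "
    r"\(\d+ etypes \{(?P<etypes>[\d ]+)\}\) (?P<addr>\S+): (?P<status>[A-Z_]+): "
    r".*?(?P<client>[^\s,]+@[^\s,]+) for (?P<service>[^\s,]+@[^\s,]+)"
)

def parse_requests(log_text):
    """Return one dict per AS_REQ/TGS_REQ line: type, etypes, addr, status, client, service."""
    requests = []
    for line in log_text.splitlines():
        m = REQ_RE.search(line)
        if m:
            req = m.groupdict()
            req["etypes"] = [int(e) for e in req["etypes"].split()]
            requests.append(req)
    return requests

def load_acl(acl_text, default_realm):
    """Return ACL principals; a name without a realm gets default_realm (assumption)."""
    names = (line.strip() for line in acl_text.splitlines())
    return {n if "@" in n else f"{n}@{default_realm}" for n in names if n}

def issued_tickets(log_text, acl_text, default_realm="NET.COM"):
    """For each ISSUE line: requesting client, target service, and ACL membership of the client."""
    acl = load_acl(acl_text, default_realm)
    return [{"client": r["client"], "service": r["service"],
             "client_in_acl": r["client"] in acl}
            for r in parse_requests(log_text) if r["status"] == "ISSUE"]

if __name__ == "__main__":
    for ticket in issued_tickets(SAMPLE_LOG, SAMPLE_ACL):
        print(ticket)
```

The service name on an ISSUE line is the principal the ticket is encrypted for, so it is the name to look for in the keytab of the host that receives the connection.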


