KDC Master/Slave replication and propagation

Edgecombe, Jason jwedgeco at uncc.edu
Tue Feb 26 14:30:18 EST 2008 

When setting up a new slave, I usually have to manually copy the krb5kdc
folder to the slave, then propagation works.

Jason

Jason Edgecombe
Solaris & Linux Administrator
Mosaic Computing Group, College of Engineering
UNC-Charlotte
Phone: (704) 687-3514
 

-----Original Message-----
From: kerberos-bounces at mit.edu [mailto:kerberos-bounces at mit.edu] On
Behalf Of Andrea Cirulli
Sent: Tuesday, February 26, 2008 2:19 PM
To: kerberos at mit.edu
Cc: andrea.cirulli at valueteam.com
Subject: KDC Master/Slave replication and propagation

Hi all,
I'm trying to setup a master/slave KDC architecture on SOLARIS 9.
I' ve setup correctly the master and slave, but when I execute kprop
on the master to dispatch the Kerberos DB, the latter command yields
the following output:

Broken Pipe

In particular, if I execute kprop with truss this is what i obtain:
.
.
.
close(5)                                        = 0
read(256, " # i d e n t\t " @ ( # )".., 1024)   = 1024
read(256, " o t o c o l   v 2\n l d".., 1024)   = 1024
read(256, " 1 3 9 / u d p\t\t\t\t #".., 1024)   = 1024
read(256, " c p\t\t\t\t #   E C D  ".., 1024)   = 859
close(256)                                      = 0
so_socket(PF_INET, SOCK_STREAM, IPPROTO_IP, "", 1) = 5
connect(5, 0xFFBFF878, 16, 1)                   = 0
getsockname(5, 0xFFBFF878, 0xFFBFF874, 1)       = 0
write(5, "\0\0\013", 4)                         = 4
write(5, " K R B 5 _ S E N D A U T".., 19)      = 19
write(5, "\0\0\0\n", 4)                         = 4
write(5, " k p r o p 5 _ 0 1\0", 10)            = 10
read(5, "\0", 1)                                = 1
time()                                          = 1204020515
getpid()                                        = 14196 [14195]
getpid()                                        = 14196 [14195]
getpid()                                        = 14196 [14195]
write(5, "\0\001 u", 4)                         = 4
write(5, " n8201 q 08201 mA0030201".., 373)     = 373
read(5, "\0\0\0\0", 4)                          = 4
read(5, "\0\0\0 S", 4)                          = 4
read(5, " o Q 0 OA003020105A10302".., 83)       = 83
getpid()                                        = 14196 [14195]
write(5, "\0\0\0 i", 4)                         = 4
write(5, " t g 0 eA003020105A10302".., 105)     = 105
read(4, " k d b 5 _ u t i l   l o".., 32768)    = 7985
brk(0x0002B710)                                 = 0
brk(0x0002D710)                                 = 0
getpid()                                        = 14196 [14195]
brk(0x0002D710)                                 = 0
brk(0x0002F710)                                 = 0
brk(0x0002F710)                                 = 0
brk(0x00031710)                                 = 0
write(5, "\0\01F9F", 4)                         Err#32 EPIPE
     Received signal #13, SIGPIPE [default]

 From the kpropd point of view, if I launch it in debug mode this is
what yields:

Visualizza come pagina Web

root at colcascsv # /usr/local/sbin/kpropd -r SOLARIS -dS -f /tmp/
lave_datatrans -F /usr/local/var/krb5kdc/principal -p /usr/local/sbin/
kdb5_util -a /usr/local/var/krb5kdc/kadm5.acl

Connection from colcascms
krb5_recvauth(5, kprop5_01, host/colcascsv at SOLARIS, ...)
authenticated client: host/colcascms at SOLARIS (etype == DES cbc mode
with CRC-32)

It seems that the slave KDC accepts the MASTER propagation, however
nothing is propagated.

Thanks in advance!

Beste regards,
Andrea


________________________________________________
Kerberos mailing list           Kerberos at mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos

More information about the Kerberos mailing list