Help with trying to setup a KDC Slave Matthew.GARRETT at
Thu Mar 19 12:45:13 EDT 2009


I am struggling a bit to set up a KDC Slave and was hoping some one might 
be able to point out my mistakes.

KDC Master =
KDC Slave   =

On the KDC Master I have done the following
addprinc -randkey host/
addprinc -randkey host/

ktadd host/
ktadd host/

Then copied via scp the file /etc/krb5.keytab to the KDC Slave hutch

Created on both KDC Master and Slave

Setup xinetd for krb5_prop etc etc

The Dump on the KDC Master works fine.
kdb5_util dump /var/kerberos/krb5kdc/slavedump

However when I try and do the kprop I get the following

kprop -f /var/kerberos/krb5kdc/slavedump
kprop: Server not found in Kerberos database while getting initial ticket

DNS both forward and reverse work fine for the Slave KDC

ktutil looks correct to me.
ktutil:  rkt /etc/krb5.keytab
ktutil:  l
slot KVNO Principal
---- ---- 
   1    3 host/ at UK.AD.EP.CORP.LOCAL
   2    3 host/ at UK.AD.EP.CORP.LOCAL
   3    3 host/ at UK.AD.EP.CORP.LOCAL
   4    3 host/ at UK.AD.EP.CORP.LOCAL
   5    6 host/ at UK.AD.EP.CORP.LOCAL
   6    6 host/ at UK.AD.EP.CORP.LOCAL
   7    6 host/ at UK.AD.EP.CORP.LOCAL
   8    6 host/ at UK.AD.EP.CORP.LOCAL

NTP is setup on both Master and Slave and is working fine.

Clients can happily connect to the Master , I just can not get the dump to 

Thanks in advance.


Matthew Garrett
Senior IS Technical Analyst
Tel:       01224 297889
Fax:      01224 296806
Email:   Matthew.Garrett at
Total E&P UK, Crawpeel Road, Altens Industrial Estate, Aberdeen AB12 3FG
Registered in England and Wales No.811900          
Registered Office 33 Cavendish Square, London W1G 0PW
This e-mail and any attachments are intended only for the person or entity
to whom it is addressed and may contain confidential or privileged
information.  If you are not the addressee, any disclosure, reproduction,
copying, distribution, or use of this communication is strictly prohibited.
If you are not the intended recipient or person responsible for delivering
this message to the named addressee, please notify us immediately and delete
this e-mail.
It is the responsibility of the addressee to scan this email and any
attachments for computer viruses or other defects.  The sender does not
accept liability for any loss or damage of any nature, however caused,
which may result directly or indirectly from this email or any file attached.

More information about the Kerberos mailing list