Need slave server, no master key
Christian
chanlists at googlemail.com
Sun Oct 23 16:06:40 EDT 2011
All,
I have a machine running 1.6.1 (on x86_64) and would like to add a slave
machine under 1.8.3 (debian squeeze, x86). Unfortunately, the stash file
from the master does not work on the slave. I get:

    Unable to decrypt latest master key with the provided master key -
    while fetching master keys list for realm OUR_REALM

I thought this should only happen between architectures with different
endianness???
I currently do not have the KDC master key, so I thought I could do

    kdb5_util dump -mkey_convert dumpfile
    kdb5_util load dumpfile
    kdb5_util stash

That seemed to work. I got the slave up and running, kprop works, I can
kinit both to the master and to the slave, use aklog and afs, etc... But
now kadmin gives me:

    kadmin gss-api or kerberos error while initializing kadmin interface

kadmin.local works, though. I don't know if this could be related to
http://krbdev.mit.edu/rt/Ticket/Display.html?user=guest&pass=guest&id=6546
Any help would be great!
For reference, the 1.6.1 machine (master) has the following kdc.conf:

[kdcdefaults]
 kdc_ports = 88

[realms]
 OUR.REALM = {
  master_key_type = des3-hmac-sha1
  acl_file = /var/kerberos/krb5kdc/kadm5.acl
  dict_file = /usr/share/dict/words
  admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab
  supported_enctypes = des3-hmac-sha1:normal arcfour-hmac:normal des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal des-cbc-crc:v4 des-cbc-crc:afs3
  max_life = 24h
  max_renewable_life = 7d
 }

The 1.8.3 machine (slave) has the following kdc.conf:

[kdcdefaults]
 kdc_ports = 88

[realms]
 OUR.REALM = {
  master_key_type = des3-hmac-sha1
  supported_enctypes = des3-hmac-sha1:normal arcfour-hmac:normal des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal des-cbc-crc:v4 des-cbc-crc:afs3
  max_life = 24h
  max_renewable_life = 7d
 }

Thanks,
Christian
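
Added example, not part of the original post: a small Python check that parses the [realms] section of the two kdc.conf files quoted above and lists the relations that are missing on one side or set differently. The helper names realm_settings and drift are hypothetical, the [kdcdefaults] section is left out, and the output is only a list of differences, not a diagnosis of the kadmin error.

```python
# Constructed input: the [realms] sections of the two kdc.conf files quoted in the post.
MASTER_CONF = """\
[realms]
 OUR.REALM = {
  master_key_type = des3-hmac-sha1
  acl_file = /var/kerberos/krb5kdc/kadm5.acl
  dict_file = /usr/share/dict/words
  admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab
  supported_enctypes = des3-hmac-sha1:normal arcfour-hmac:normal des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal des-cbc-crc:v4 des-cbc-crc:afs3
  max_life = 24h
  max_renewable_life = 7d
 }
"""
SLAVE_CONF = """\
[realms]
 OUR.REALM = {
  master_key_type = des3-hmac-sha1
  supported_enctypes = des3-hmac-sha1:normal arcfour-hmac:normal des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal des-cbc-crc:v4 des-cbc-crc:afs3
  max_life = 24h
  max_renewable_life = 7d
 }
"""

def realm_settings(text, realm):
    """Parse one realm's relations out of a krb5 profile-style kdc.conf."""
    settings, section, current = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue                              # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section, current = line[1:-1], None   # new top-level section
        elif line == "}":
            current = None                        # end of a realm block
        elif section == "realms" and "=" in line:
            name, value = (p.strip() for p in line.split("=", 1))
            if value == "{":
                current = name                    # start of a realm block
            elif current == realm:
                settings[name] = value
    return settings

def drift(a, b):
    """Relations missing on one side or set differently: {name: (a, b)}."""
    return {k: (a.get(k), b.get(k)) for k in sorted(set(a) | set(b)) if a.get(k) != b.get(k)}
if __name__ == "__main__":
    master, slave = (realm_settings(c, "OUR.REALM") for c in (MASTER_CONF, SLAVE_CONF))
    for name, (m, s) in drift(master, slave).items():
        print(f"{name}: master={m} slave={s}")
```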