Need slave server, no master key password

Christian chanlists at googlemail.com
Sun Oct 23 16:11:25 EDT 2011 

Sorry, I meant to say of course that I do not have database password....

Christian

> All,
>
> I have a machine running 1.6.1 (on x86_64) and would like to add a 
> slave machine under 1.8.3 (debian squeeze, x86). Unfortunately, the 
> stash file from the master does not work on the slave. I get:
>
> Unable to decrypt latest master key with the provided master key  - 
> while fetching master keys list for realm OUR_REALM
>
> I thought this should only happen between architectures with different 
> endianess???
>
> I currently do not have the KDC master key, so I thought I could do
>
> kdb5_util dump -mkey_convert dumpfile
> kdb5_util load dumpfile
> kdb5_util stash
>
> That seemed to work. I got the slave up and running, kprop works, I 
> can kinit both to the master and to the slave, use aklog and afs, 
> etc... But now kadmin gives me:
>
> kadmin gss-api or kerberos error while initializing kadmin interface
>
> kadmin.local works, though. I don't know if this could be related to
>
> http://krbdev.mit.edu/rt/Ticket/Display.html?user=guest&pass=guest&id=6546 
>
>
> Any help would be great!
>
> For reference, the 1.6.1 machine (master) has the following kdc.conf:
>
> [kdcdefaults]
> kdc_ports = 88
>
> [realms]
>  OUR.REALM = {
>   master_key_type = des3-hmac-sha1
>   acl_file = /var/kerberos/krb5kdc/kadm5.acl
>   dict_file = /usr/share/dict/words
>   admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab
>   supported_enctypes = des3-hmac-sha1:normal arcfour-hmac:normal 
> des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal  
> des-cbc-crc:v4 des-cbc-crc:afs3
>   max_life = 24h
>   max_renewable_life = 7d
> }
>
> The 1.8.3 machine (slave) has the following kdc.conf:
>
> [kdcdefaults]
>  kdc_ports = 88
>
> [realms]
>  OUR.REALM = {
>   master_key_type = des3-hmac-sha1
>   supported_enctypes = des3-hmac-sha1:normal arcfour-hmac:normal 
> des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal 
> des-cbc-crc:v4 des-cbc-crc:afs3
>   max_life = 24h
>   max_renewable_life = 7d
>  }
>
> Thanks,
>
> Christian
>
>

More information about the Kerberos mailing list