problem sending initial data to slave Kerberos server
Dave Steiner
steiner at oit.rutgers.edu
Wed Jan 29 16:27:26 EST 2014
On 1/29/2014 3:59 PM, Greg Hudson wrote:
> On 01/29/2014 01:44 PM, Dave Steiner wrote:
>> I'm havin problems adding a slave to an existing test cluster.
> kpropd should be syslogging at LOG_ERROR; finding the relevant syslog
> should help figure out what step is failing. The failure might be
> coming from rd_req during authentication, or rd_safe during transmission
> of the size, or rd_priv during transmission of the database contents.
> Whatever it is, it seems to be causing an AP_ERR_BAD_INTEGRITY code
> getting sent sent back from kpropd to kprop.
>
> My guess is that the failure is coming from rd_safe or rd_priv, since
> rd_req can't produce an AP_ERR_BAD_INTEGRITY error at this point (it
> produces AP_WRONG_PRINC instead). But I'm not sure what would cause a
> decryption or checksum failure for a KRB-SAFE or KRB-PRIV message, to be
> honest. A NAT between master and slave could cause an AP_ERR_BADADDR
> error, but we're not seeing that.
>
> The fact that you need host/slave and host/slave.rutgers.edu principals
> is troubling, but is most likely just a confounding variable, not the
> cause of this particular problem.
Hi Greg,
I literally just fixed this problem before I saw your email. It was the host
issue. In /etc/hosts, our Unix group only put the short hostname and let DNS
handle the full hostname. I requested that they also include the full hostname
(first) in /etc/hosts, restarted things on both master and slave, and now things
work.
Thanks for getting back to me.
take care,
ds
More information about the Kerberos
mailing list