problem sending initial data to slave Kerberos server

Dave Steiner steiner at oit.rutgers.edu
Wed Jan 29 16:27:26 EST 2014


On 1/29/2014 3:59 PM, Greg Hudson wrote:
> On 01/29/2014 01:44 PM, Dave Steiner wrote:
>> I'm havin problems adding a slave to an existing test cluster.
> kpropd should be syslogging at LOG_ERROR; finding the relevant syslog
> should help figure out what step is failing.  The failure might be
> coming from rd_req during authentication, or rd_safe during transmission
> of the size, or rd_priv during transmission of the database contents.
> Whatever it is, it seems to be causing an AP_ERR_BAD_INTEGRITY code
> getting sent sent back from kpropd to kprop.
>
> My guess is that the failure is coming from rd_safe or rd_priv, since
> rd_req can't produce an AP_ERR_BAD_INTEGRITY error at this point (it
> produces AP_WRONG_PRINC instead).  But I'm not sure what would cause a
> decryption or checksum failure for a KRB-SAFE or KRB-PRIV message, to be
> honest.  A NAT between master and slave could cause an AP_ERR_BADADDR
> error, but we're not seeing that.
>
> The fact that you need host/slave and host/slave.rutgers.edu principals
> is troubling, but is most likely just a confounding variable, not the
> cause of this particular problem.

Hi Greg,

I literally just fixed this problem before I saw your email.  It was the host 
issue.  In /etc/hosts, our Unix group only put the short hostname and let DNS 
handle the full hostname.  I requested that they also include the full hostname 
(first) in /etc/hosts, restarted things on both master and slave, and now things 
work.

Thanks for getting back to me.

take care,
ds



More information about the Kerberos mailing list