principal~.kadm5 & C.
Benjamin Kaduk
kaduk at MIT.EDU
Wed Jul 16 10:48:39 EDT 2014
On Wed, 16 Jul 2014, Giuseppe Mazza wrote:
> On 16/07/14 15:12, Benjamin Kaduk wrote:
>> On Wed, 16 Jul 2014, Giuseppe Mazza wrote:
>>
>>>
>>> <<My questions>>
>>> - Any idea how to solve the above problem?
>>> - If you think that the two kerberos versions are too different, can you
>>> think a different strategy to solve the problem?
>>
>> You neglected to show the 'klist -kt /etc/krb5.keytab' output for both
>> machines.
>>
>
> Sorry...
>
> 1] slave
> root at tt-u1404:/var/lib/krb5kdc# klist -kt /etc/krb5.keytab
> Keytab name: FILE:/etc/krb5.keytab
> KVNO Timestamp Principal
> ---- -----------------
> --------------------------------------------------------
> 3 27/06/14 14:43:13 host/tt-u1404.doc.ic.ac.uk at DOC.IC.AC.UK
>
> 2] master
> [root at london ~]# klist -kt /etc/krb5.keytab
> Keytab name: FILE:/etc/krb5.keytab
> KVNO Timestamp Principal
> ---- -----------------
> --------------------------------------------------------
> 7 05/22/06 11:38:02 host/london.doc.ic.ac.uk at DOC.IC.AC.UK
Hmm, I think that should be sufficient, but a kpropd.acl file is also
needed on the slave KDC, as discussed in
http://web.mit.edu/kerberos/krb5-latest/doc/admin/install_kdc.html#configure-slave-kdcs
-Ben
More information about the Kerberos
mailing list