kprop: Key table entry not found while getting initial credentials

Dean Duan(Contractor) chuanjie.duan at envisioncn.com
Mon Aug 8 22:20:17 EDT 2016


HI ALL,

I try to config master/slave KDC, when I execute “kprop -f slave_datatrans ip-10-21-14-33.envisioncn.com”, an error popup “kprop: Key table entry not found while getting initial credentials”.

I checked principal in database, checked “klist -k krb5.keytab“, checked the kadmin5.acl and kpropd.acl, All of these can find “host/ip-10-21-14-33.envisioncn.com”. And I still config the “host/ip-10-21-14-33.envisioncn.com” in “10.21.14.33”.

I still configed the xinetd


service kpropd

{

# This is for quick on or off of the service

        disable         = no



# The next attributes are mandatory for all services

        id              = krb5_prop

        type            = UNLISTED

        wait            = no

        socket_type     = stream

#       protocol        = socket type is usually enough



# External services must fill out the following

        user            = root

#       group           =

        server          = /usr/local/sbin/kpropd

#   server_args     = kpropd


But it didn’t work.

So I try to add “kiprop/ ip-10-21-14-33.envisioncn.com” in kadmin database and keytab(master/slave both),

It didn’t work.

Q1: What happened? What kprop do? I only know it would connect to “ip-10-21-14-33.envisioncn.com”’s kpropd process and sync database, what step it would do before connect to slave kdc?

Q2:What means “key table” ? Is that “keytab”

Q3:What means “credentials” ? Is that “tgt”?


All My operations follow this guide “http://web.mit.edu/kerberos/krb5-1.14/doc/admin/install_kdc.html”

Thx

Beat Regards
________________________________________
Chuanjie Duan
Mail:chuanjie.duan at envisioncn.com<mailto:chuanjie.duan at envisioncn.com>




本邮件(包括任何附件)内容机密并受法律保护。如果您意外地收到这封邮件,请回复通知发件人并从当前系统中删除本邮件。任何未经授权者,严禁使用并部分或者全部的转发本条信息。任何未经授权的使用或传播都是被严格禁止的。远景能源与其分公司不对因不正确和不完整的转发此邮件包含的信息以及因任何因邮件延迟或对你的系统造成的损害而负责。远景能源不能保证此邮件的真实完整性,也不能确定此邮件是否含有病毒或者监听程序。
This email message (including any attachments) is confidential and may be legally privileged. If you have received it by mistake, please notify the sender by return email and delete this message from your system. Any unauthorized use or dissemination of this message in whole or in part is strictly prohibited. Envision Energy Limited and all its subsidiaries shall not be liable for the improper or incomplete transmission of the information contained in this email nor for any delay in its receipt or damage to your system. Envision Energy Limited does not guarantee the integrity of this email message, nor that this email message is free of viruses, interceptions, or interference.


More information about the Kerberos mailing list