Password has expired while getting initial ticket during replication

Stephen Carville (Kerberos List) b44261a2 at
Mon Dec 2 12:02:52 EST 2019

Kind of at wits end here...

Recently replication to the slave servers broke.  I last update was on 
Sep 10 07:01 but did not discover it until starting to migrate from 
CentOS 6 to CentOS 7.

The following script runs hourly


# export the Kerberos database
/usr/sbin/kdb5_util dump /var/kerberos/krb5kdc/slave_datatrans

# propogate to all the slave servers
for SLAVE in $SLAVES; do
   /usr/sbin/kprop -f /var/kerberos/krb5kdc/slave_datatrans $SLAVE

The error is:

/usr/sbin/kprop: Password has expired while getting initial ticket

I restarted krb5kdc on both servers and kpropd on the slave server.  I 
recreated the keytab file on both servers.  Error is still the same

I can get a ticket using either server but I just cannot get replication 
working again.

system is CentOS 6

Kerberos version is 1.10.3


More information about the Kerberos mailing list