How to view KVNO on slave
Mike
kerberos at norgie.net
Sat Oct 7 06:18:32 EDT 2023
Folks,
I have recently upgraded my server estate and this in turn uncovered my
aging 3DES kerberos principles. I've been thought and rekeyed them as
with AES and this has created a little problem. Something went wrong
with the service principle for one of my Apache servers and now key
based authentication is no longer working on that host. I've been
trying to debug it to no avail. Unfortuantely the mod_auth_gssapi, as
far as I can tell, doesn't like giving too much into out.
I'm surmising that the issue might be that the service principle may not
have replicated corerctly to the slave server, which is used by the
Apache host. I can see the ticket details on the master using
kadmin.local and getprinc and I can see the keytab info using ktutil.
My question is this: How does one view the KVNO in the Slave DB? I
imaine it's probably available via kdb5_util dump but unfortunatly I
have not found any documents explaining the fields in the dump.
If anyone can advise on how to get the KVNO from the slave or indeed has
any other advice, it would be gratefully receieved.
Regards,
Mike.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://mailman.mit.edu/pipermail/kerberos/attachments/20231007/8c24a7a3/attachment.sig>
More information about the Kerberos
mailing list