Multi-realm Database propagation problem.

Austin Gonyou austin at
Wed Apr 17 16:43:00 EDT 2002

I made a copy of my kerberos-master KDC setup, and put it on the
kerberos-slave1 system. I added host principals for the KDCs and put
them in krb5.keytab like the documentation stated, then I ensured the
same keytab exists on the KDCs. 

I am on linux so I am using xinetd, but I created a krb5_prop file and
it works, at least I think it does, xinetd starts fine, sockets are

I did a krb5_util dump /var/kerberos/krb5kdc/slave_datatrans. (this will
only take the default_realm from my krb5.conf, I know.)

ensured that all host/NAME principals are in kpropd.acl on the master
and slave KDCs. 

then I run kprop:
[root at Kerberos-Master root]# kprop -f
/var/kerberos/krb5kdc/slave_datatrans kerberos-slave1
kprop: Bad encryption type while getting initial ticket

I can krlogin and krsh ATM as root, without a password, no problem. So
where's the problem it's talking about? I've watched my messages file,
(where I'm putting all kdc messages), and only see a requested ticket by
root for kerberos-slave1. I'm not using DNS, as this is a closed setup,
and I don't care about that ATM. What's the problem here?

Any help is much appreciated.

Austin Gonyou
Systems Architect, CCNA
Coremetrics, Inc.
Phone: 512-698-7250
email: austin at

"It is the part of a good shepherd to shear his flock, not to skin it."
Latin Proverb
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: This is a digitally signed message part
Url :

More information about the krbdev mailing list