Multi-realm Database propagation problem.
Austin Gonyou
austin at coremetrics.com
Wed Apr 17 16:43:00 EDT 2002
I made a copy of my kerberos-master KDC setup, and put it on the
kerberos-slave1 system. I added host principals for the KDCs and put
them in krb5.keytab like the documentation stated, then I ensured the
same keytab exists on the KDCs.
I am on linux so I am using xinetd, but I created a krb5_prop file and
it works, at least I think it does, xinetd starts fine, sockets are
open.
I did a krb5_util dump /var/kerberos/krb5kdc/slave_datatrans. (this will
only take the default_realm from my krb5.conf, I know.)
ensured that all host/NAME principals are in kpropd.acl on the master
and slave KDCs.
then I run kprop:
[root at Kerberos-Master root]# kprop -f
/var/kerberos/krb5kdc/slave_datatrans kerberos-slave1
kprop: Bad encryption type while getting initial ticket
I can krlogin and krsh ATM as root, without a password, no problem. So
where's the problem it's talking about? I've watched my messages file,
(where I'm putting all kdc messages), and only see a requested ticket by
root for kerberos-slave1. I'm not using DNS, as this is a closed setup,
and I don't care about that ATM. What's the problem here?
Any help is much appreciated.
--
Austin Gonyou
Systems Architect, CCNA
Coremetrics, Inc.
Phone: 512-698-7250
email: austin at coremetrics.com
"It is the part of a good shepherd to shear his flock, not to skin it."
Latin Proverb
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: This is a digitally signed message part
Url : http://mailman.mit.edu/pipermail/krbdev/attachments/20020417/d6950652/attachment.bin
More information about the krbdev
mailing list