kprop problem: Bad response (during sendauth exchange)

Mike Friedman mikef at ack.Berkeley.EDU
Fri Jun 17 17:20:09 EDT 2005

Hash: SHA1

On Fri, 17 Jun 2005 at 16:38 (-0400), Shivakeshav Santi wrote:

>   I am getting the following error when ever I use kprop to propagate 
> the database from master to slave.
> on master :
> kprop -f to_slav -s kprop.keytab slave
> Bad response (during sendauth exchange) while authenticating to server
> I have the required host key in the host keytab on master and slave. I 
> have both master and slave listed in the kpropd.acl on master and slave.
> every thing else seems to be fine. Did anyone encounter such problem ?

Did you by any chance download the slave's host keytab info a second time 
after populating the keytab file on the slave?  If so, you'd have a 
problem.  This is because each ktutil download for a principal causes the 
key to be re-randomized in the KDC before the download.  Thus, the second 
download would cause the slave host key in the KDC no longer to match 
what's in the keytab file on the slave.  Then, when the kprop client on 
the master gets its service ticket for kpropd, it will be encrypted in the 
*current* slave host key.  Since this would no longer agree with what's in 
the slave's keytab, authentication to kpropd on the slave would fail.

On the other hand, if you didn't do any of this, then ... never mind!


Mike Friedman                   System and Network Security
mikef at ack.Berkeley.EDU          2484 Shattuck Avenue
1-510-642-1410                  University of California at Berkeley

Version: PGP 6.5.8


More information about the krbdev mailing list