kprop problem: Bad response (during sendauth exchange)
mikef at ack.Berkeley.EDU
Fri Jun 17 17:20:09 EDT 2005
-----BEGIN PGP SIGNED MESSAGE-----
On Fri, 17 Jun 2005 at 16:38 (-0400), Shivakeshav Santi wrote:
> I am getting the following error when ever I use kprop to propagate
> the database from master to slave.
> on master :
> kprop -f to_slav -s kprop.keytab slave
> Bad response (during sendauth exchange) while authenticating to server
> I have the required host key in the host keytab on master and slave. I
> have both master and slave listed in the kpropd.acl on master and slave.
> every thing else seems to be fine. Did anyone encounter such problem ?
Did you by any chance download the slave's host keytab info a second time
after populating the keytab file on the slave? If so, you'd have a
problem. This is because each ktutil download for a principal causes the
key to be re-randomized in the KDC before the download. Thus, the second
download would cause the slave host key in the KDC no longer to match
what's in the keytab file on the slave. Then, when the kprop client on
the master gets its service ticket for kpropd, it will be encrypted in the
*current* slave host key. Since this would no longer agree with what's in
the slave's keytab, authentication to kpropd on the slave would fail.
On the other hand, if you didn't do any of this, then ... never mind!
Mike Friedman System and Network Security
mikef at ack.Berkeley.EDU 2484 Shattuck Avenue
1-510-642-1410 University of California at Berkeley
-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.8
-----END PGP SIGNATURE-----
More information about the krbdev