kprop problem: Bad response (during sendauth exchange)
Mike Friedman
mikef at ack.Berkeley.EDU
Fri Jun 17 17:20:09 EDT 2005
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Fri, 17 Jun 2005 at 16:38 (-0400), Shivakeshav Santi wrote:
> I am getting the following error when ever I use kprop to propagate
> the database from master to slave.
>
> on master :
> kprop -f to_slav -s kprop.keytab slave
> Bad response (during sendauth exchange) while authenticating to server
>
> I have the required host key in the host keytab on master and slave. I
> have both master and slave listed in the kpropd.acl on master and slave.
>
> every thing else seems to be fine. Did anyone encounter such problem ?
Did you by any chance download the slave's host keytab info a second time
after populating the keytab file on the slave? If so, you'd have a
problem. This is because each ktutil download for a principal causes the
key to be re-randomized in the KDC before the download. Thus, the second
download would cause the slave host key in the KDC no longer to match
what's in the keytab file on the slave. Then, when the kprop client on
the master gets its service ticket for kpropd, it will be encrypted in the
*current* slave host key. Since this would no longer agree with what's in
the slave's keytab, authentication to kpropd on the slave would fail.
On the other hand, if you didn't do any of this, then ... never mind!
Mike
_____________________________________________________________________
Mike Friedman System and Network Security
mikef at ack.Berkeley.EDU 2484 Shattuck Avenue
1-510-642-1410 University of California at Berkeley
http://ack.Berkeley.EDU/~mikef http://security.berkeley.edu
_____________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.8
iQA/AwUBQrM+la0bf1iNr4mCEQKIuACg5VUBQsIr30phTlF1RoTQPZ4mlgUAoOit
tLjWTs2+MmQb3+U3BZTVdbPo
=/uY8
-----END PGP SIGNATURE-----
More information about the krbdev
mailing list