[27758] in Kerberos
Re: (In)Compatibility Issues Between 1.4 and 1.5
daemon@ATHENA.MIT.EDU (Sean Elble)
Wed May 9 23:24:32 2007
Date: Wed, 09 May 2007 23:24:09 -0400
From: Sean Elble <elbles@sessys.com>
To: "kerberos@mit.edu" <kerberos@mit.edu>
Message-ID: <C2680899.3483%elbles@sessys.com>
In-Reply-To: <C267D6F5.347C%elbles@sessys.com>
Mime-version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
I may have gotten it, thanks to this thread that I found once I started
kpropd on the console, and saw some more useful information:
http://mailman.mit.edu/pipermail/krb5-bugs/2006-June/004749.html
Just in case that helps anyone else out . . . Now I finally have Kerberos
and OpenLDAP replication working (with SASL-GSSAPI for the LDAP part). Who
needs Active Directory? :-)
On 5/9/07 7:52 PM, "Sean Elble" <elbles@sessys.com> wrote:
> Hi all,
>
> This is my first time posting on the list, mainly because the documentation
> is terrific, and I really haven't had any problems with Kerberos - Until
> now, of course.
>
> My issue is in setting up a slave KDC here at my home "lab". My master (and
> only, to this point) KDC is running on a FC4 box, and is currently at
> whatever the last version of Kerberos is that was available on that version
> of Fedora (1.4.1). Yeah, I know I need to upgrade that box, but first thing
> is first, and I need to get another box doing Kerberos and OpenLDAP before
> this other box can be touched.
>
> So, I tried setting up this slave KDC on a fresh CentOS 5 box. I followed
> the instructions listed on the install page, but when it comes to run kprop
> on the master, I get this message:
>
> [root@intranet ~]# kprop -d -f /var/kerberos/krb5kdc/slave_datatrans
> athena.sessys.com
> 8976 bytes sent.
> kprop: Software caused connection abort while reading response from server
>
> And from the /var/log/messages log on athena.sessys.com:
>
> May 9 19:40:39 athena kpropd[22326]: Connection from intranet.sessys.com
> May 9 19:40:39 athena kpropd[22326]: /usr/kerberos/sbin/kpropd:
> /usr/kerberos/sbin/kdb5_util returned a bad exit status (1)
>
> It at least partially worked, as I get this for a ls in
> /var/kerberos/krb5kdc:
>
> [root@athena log]# ls -lah /var/kerberos/krb5kdc/
> total 44K
> drwxr-xr-x 2 root root 4.0K May 9 19:40 .
> drwxr-xr-x 3 root root 4.0K May 9 19:22 ..
> -rw------- 1 root root 8.8K May 9 19:40 from_master
> -rw-r--r-- 1 root root 807 May 9 19:24 kdc.conf
> -rw-r--r-- 1 root root 70 May 9 19:25 kpropd.acl
> -rw------- 1 root root 8.0K May 9 19:40 principal~
> -rw------- 1 root root 8.0K May 9 19:40 principal~.kadm5
> -rw------- 1 root root 0 May 9 19:40 principal~.kadm5.lock
> -rw------- 1 root root 0 May 9 19:40 principal~.ok
>
> Kpropd.acl should be configured correctly, as it has the host principals for
> both the master and slave on both the master and the slave. The principals
> are configured correctly, and their keytabs should be extracted correctly -
> After all, it is getting fairly far in the process.
>
> As best as I can figure, this is an issue/incompatibility between the
> different Kerberos versions, but if anyone wants to confirm or deny that, I
> would very much appreciate it (as I will otherwise try to install a matching
> version on the master KDC, after backing up my database, of course). Thanks,
> in advance.
--
+-------------------------------------------------+
| Sean Elble |
| Virginia Tech, Class of 2008 |
| Vice President, VTLUUG |
| E-Mail: elbles@sessys.com |
| Web: http://www.sessys.com/~elbles/ |
| Cell: 860.946.9477 |
+-------------------------------------------------+
________________________________________________________________________
SES Computer Systems Anti-Virus and Anti-Spam E-Mail Filtering
Powered By ClamAV & SpamAssassin
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
