[27762] in Kerberos


Re: (In)Compatibility Issues Between 1.4 and 1.5

daemon@ATHENA.MIT.EDU (Romy Arslan)
Fri May 11 02:41:29 2007

Date: Fri, 11 May 2007 09:40:37 +0300 (EEST)
From: Romy Arslan <rarslan@aub.edu.lb>
To: Sean Elble <elbles@sessys.com>
In-Reply-To: <C267D6F5.347C%elbles@sessys.com>
Message-ID: <Pine.LNX.4.64.0705110934410.20830@simba.aub.edu.lb>
MIME-Version: 1.0
Content-Type: MULTIPART/Mixed; BOUNDARY="===============0443529290=="
Content-ID: <Pine.LNX.4.64.0705110934411.20830@simba.aub.edu.lb>
Cc: kerberos@mit.edu
Errors-To: kerberos-bounces@mit.edu

Try creating a database on the slave kdc (using the kdb5_util create
-r YOURREALM -s) before initiating the database propagation from the
master. It worked for us.



Romy Arslan	    Ext: 2267
Computing & Networking Services
American University of Beirut



Hi all,

This is my first time posting on the list, mainly because the documentation
is terrific, and I really haven't had any problems with Kerberos - Until
now, of course.

My issue is in setting up a slave KDC here at my home "lab". My master (and
only, to this point) KDC is running on a FC4 box, and is currently at
whatever the last version of Kerberos is that was available on that version
of Fedora (1.4.1). Yeah, I know I need to upgrade that box, but first thing
is first, and I need to get another box doing Kerberos and OpenLDAP before
this other box can be touched.

So, I tried setting up this slave KDC on a fresh CentOS 5 box. I followed
the instructions listed on the install page, but when it comes to run kprop
on the master, I get this message:

[root@intranet ~]# kprop -d -f /var/kerberos/krb5kdc/slave_datatrans athena.sessys.com
8976 bytes sent.
kprop: Software caused connection abort while reading response from server

And from the /var/log/messages log on athena.sessys.com:

May  9 19:40:39 athena kpropd[22326]: Connection from intranet.sessys.com
May  9 19:40:39 athena kpropd[22326]: /usr/kerberos/sbin/kpropd: /usr/kerberos/sbin/kdb5_util returned a bad exit status (1)

It at least partially worked, as I get this for a ls in
/var/kerberos/krb5kdc:

[root@athena log]# ls -lah /var/kerberos/krb5kdc/
total 44K
drwxr-xr-x 2 root root 4.0K May  9 19:40 .
drwxr-xr-x 3 root root 4.0K May  9 19:22 ..
-rw------- 1 root root 8.8K May  9 19:40 from_master
-rw-r--r-- 1 root root  807 May  9 19:24 kdc.conf
-rw-r--r-- 1 root root   70 May  9 19:25 kpropd.acl
-rw------- 1 root root 8.0K May  9 19:40 principal~
-rw------- 1 root root 8.0K May  9 19:40 principal~.kadm5
-rw------- 1 root root    0 May  9 19:40 principal~.kadm5.lock
-rw------- 1 root root    0 May  9 19:40 principal~.ok

Kpropd.acl should be configured correctly, as it has the host principals for
both the master and slave on both the master and the slave. The principals
are configured correctly, and their keytabs should be extracted correctly -
After all, it is getting fairly far in the process.

As best as I can figure, this is an issue/incompatibility between the
different Kerberos versions, but if anyone wants to confirm or deny that, I
would very much appreciate it (as I will otherwise try to install a matching
version on the master KDC, after backing up my database, of course). Thanks,
in advance.

-- 
+-------------------------------------------------+
|  Sean Elble                                     |
|  Virginia Tech, Class of 2008                   |
|  Vice President, VTLUUG                         |
|  E-Mail:   elbles@sessys.com                    |
|  Web:      http://www.sessys.com/~elbles/       |
|  Cell:     860.946.9477                         |
+-------------------------------------------------+


________________________________________________

Kerberos mailing list           Kerberos@mit.edu

https://mailman.mit.edu/mailman/listinfo/kerberos
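
A pre-flight check for the slave's KDC directory, as an added example that is not part of either message in this thread: it reports whether the database and stash file that `kdb5_util create -r YOURREALM -s` produces are present before kprop is run from the master. The file names `principal`, `principal.ok` and `.k5.<REALM>` are assumed MIT defaults; the function names, the realm EXAMPLE.COM and the test directory (which reproduces the file names from the ls output above) are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes MIT default file names:
# database "principal" (+ "principal.ok") and stash file ".k5.<REALM>".

# check_slave_kdb DIR REALM
# Prints one finding per line; returns 0 if the slave looks ready for kprop.
check_slave_kdb() {
    dir=$1; realm=$2; rc=0
    if [ ! -d "$dir" ]; then
        echo "missing: directory $dir"; return 1
    fi
    # Database files left by 'kdb5_util create' or a completed load.
    for f in principal principal.ok; do
        if [ ! -e "$dir/$f" ]; then echo "missing: $f"; rc=1; fi
    done
    # Stash file written by the -s flag; must exist and be non-empty.
    if [ ! -s "$dir/.k5.$realm" ]; then
        echo "missing: .k5.$realm"; rc=1
    fi
    # Temporary files from a load that did not finish (informational only).
    for f in "$dir"/principal~*; do
        if [ -e "$f" ]; then echo "leftover: ${f##*/}"; fi
    done
    return $rc
}

# Constructed directory with the file names shown in the ls listing above.
make_listing_dir() {
    d=$(mktemp -d)
    for f in from_master kdc.conf kpropd.acl principal~ principal~.kadm5 \
             principal~.kadm5.lock principal~.ok; do
        : > "$d/$f"
    done
    echo "$d"
}

demo_dir=$(make_listing_dir)
check_slave_kdb "$demo_dir" EXAMPLE.COM ||
    echo "=> run 'kdb5_util create -r EXAMPLE.COM -s' on the slave first"
rm -rf "$demo_dir"
```
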

