[31218] in Kerberos
kprop error
daemon@ATHENA.MIT.EDU (Adam Williams)
Wed Jun 3 13:20:18 2009
Message-ID: <4A26AC5A.10703@mdah.state.ms.us>
Date: Wed, 03 Jun 2009 12:01:14 -0500
From: Adam Williams <awilliam@mdah.state.ms.us>
MIME-Version: 1.0
To: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
I'm using the howto at
http://www-theorie.physik.unizh.ch/~dpotter/howto/kerberos, but I'm
getting the following error when trying to copy the database to the
slave kerberos server:
[root@roark krb5kdc]# kprop -f /var/kerberos/krb5kdc/slave_datatrans
archives3.mdah.state.ms.us
kprop: Decrypt integrity check failed while getting initial ticket
I've google searched on the error and other people have the problem, but
I wasn't able to find a fix that worked for me. Both the master (roark)
and the slave (archives3) are Fedora 10 x86_64, kpropd is running on
archives3 and I can telnet and connect to port 754 on archives3. On
archives3, /var/kerberos/krb5kdc/kpropd.acl has:
host/roark.mdah.state.ms.us@MDAH.STATE.MS.US
host/archives3.mdah.state.ms.us@MDAH.STATE.MS.US
and I copied /etc/krb5.conf, /var/kerberos/krb5kdc/kdc.conf,
/var/kerberos/krb5kdc/kadm5.acl, and /etc/gssapi_mech.conf from roark to
archives3.
My /etc/krb5.conf is:
[libdefaults]
default_realm = MDAH.STATE.MS.US
dns_lookup_realm = false
dns_lookup_kdc = false
clockskew = 120
[realms]
MDAH.STATE.MS.US = {
kdc = roark.mdah.state.ms.us:88
kdc = archives3.mdah.state.ms.us:88
admin_server = roark.mdah.state.ms.us:749
default_domain = mdah.state.ms.us
}
[domain_realm]
.mdah.state.ms.us = MDAH.STATE.MS.US
mdah.state.ms.us = MDAH.STATE.MS.US
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
kinit = {
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
}
any ideas on why I'm getting that error and how to fix it?
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
