[39257] in Kerberos
How to view KVNO on slave
daemon@ATHENA.MIT.EDU (Mike via Kerberos)
Sat Oct 7 06:20:30 2023
Date: Sat, 7 Oct 2023 11:18:32 +0100
To: kerberos@mit.edu
Message-ID: <ZSEweGP8vOXerlCH@lightning.iz.norgie.net>
MIME-Version: 1.0
From: Mike via Kerberos <kerberos@mit.edu>
Reply-To: Mike <kerberos@norgie.net>
Content-Type: multipart/mixed; boundary="===============8703237860758635811=="
Errors-To: kerberos-bounces@mit.edu
--===============8703237860758635811==
Content-Type: multipart/signed; micalg=pgp-sha256;
protocol="application/pgp-signature"; boundary="oFqk/5IsNwmvhtQ5"
Content-Disposition: inline
--oFqk/5IsNwmvhtQ5
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Folks,
I have recently upgraded my server estate and this in turn uncovered my
aging 3DES kerberos principles. I've been thought and rekeyed them as
with AES and this has created a little problem. Something went wrong
with the service principle for one of my Apache servers and now key
based authentication is no longer working on that host. I've been
trying to debug it to no avail. Unfortuantely the mod_auth_gssapi, as
far as I can tell, doesn't like giving too much into out.
I'm surmising that the issue might be that the service principle may not
have replicated corerctly to the slave server, which is used by the
Apache host. I can see the ticket details on the master using
kadmin.local and getprinc and I can see the keytab info using ktutil.
My question is this: How does one view the KVNO in the Slave DB? I
imaine it's probably available via kdb5_util dump but unfortunatly I
have not found any documents explaining the fields in the dump.
If anyone can advise on how to get the KVNO from the slave or indeed has
any other advice, it would be gratefully receieved.
Regards,
Mike.
--oFqk/5IsNwmvhtQ5
Content-Type: application/pgp-signature; name="signature.asc"
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEELLIsu3X0rLdOylbZ4Vi9eUgjvvMFAmUhMHUACgkQ4Vi9eUgj
vvOOxxAAhWanc/mz3scEEa4eokmmNdXOVqqvqP/zPYe1e9EfwSIvEnVfLyBgg4AJ
MMWTv5iaAx6L2xlxwffMLX/4oW+++PuN+zNCteqpZTXC44zXyK8kphjD8IidtOg+
tlBuUySzkXS1XkLapY0pDy00nS7Uv4IYB56PiW3ts+jpVyyDCWjNaMMBSXXEOxDZ
+y4X3sZR3durMD/uSIRIqco0vxkPf089zbM8fLhUb3yYMufiSMWCJ5kLR8itc9fB
/ErppXQVDQlupEGJvw50sNkw4t2HTquTcm9wL/SAyjLqpbjM6w1P8GjpGZfWLnCM
b3fyc9kEYcR+nnWBSKH51QA0fpCA5lI/rAVKXSg//v+pfPS/9etaV8GOgpKXwzyU
dEbqLxvEqCCHNcuxM9tgko2Gp4sde1TGf0J+9d4bMyzuzylB5zM6JwTq5mnGoDGg
O29/wfzFRDwTJW5t1LxtFNcq9WaETY8P6g5evizeFSLb/8YPsAyINm9QTxWzouGv
1dGihAj+D03TvXuS3ZAHIfcVUMh0EIt+ekJmi9yn80iq1sDnW+Cl+rEho6PCbfXU
Eybze/eCxHfsR+SqPbro/t0+7cTPDV4/wsbfrzZzWSb1UlN65UH9Strb1ef0EUQO
GAKCXFsqSH6gFH0jst8jLpwgYunnP2/6vFHLW8YDjnLBdLwAmRg=
=ngwW
-----END PGP SIGNATURE-----
--oFqk/5IsNwmvhtQ5--
--===============8703237860758635811==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
--===============8703237860758635811==--
