[39259] in Kerberos
Re: How to view KVNO on slave
daemon@ATHENA.MIT.EDU (Russ Allbery)
Sat Oct 7 12:28:39 2023
From: Russ Allbery <eagle@eyrie.org>
To: Mike via Kerberos <kerberos@mit.edu>
In-Reply-To: <ZSEweGP8vOXerlCH@lightning.iz.norgie.net> (Mike via Kerberos's
message of "Sat, 7 Oct 2023 11:18:32 +0100")
Date: Sat, 07 Oct 2023 09:27:00 -0700
Message-ID: <87wmvyv1nv.fsf@hope.eyrie.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Mike via Kerberos <kerberos@mit.edu> writes:
> I'm surmising that the issue might be that the service principle may not
> have replicated corerctly to the slave server, which is used by the
> Apache host. I can see the ticket details on the master using
> kadmin.local and getprinc and I can see the keytab info using ktutil.
> My question is this: How does one view the KVNO in the Slave DB? I
> imaine it's probably available via kdb5_util dump but unfortunatly I
> have not found any documents explaining the fields in the dump.
You can use kadmin.local on the slave the same way that you use it on the
master, I'm fairly sure. It's been a while since I've done this, but I'm
pretty sure the database is the same and the tool doesn't have any idea
whether you're running it on a master or a slave.
I would expect you to get replication errors if there was a replication
problem. If you're only doing incremental replication and you think
something may have gone wrong, you can always do a full replication, which
guarantees that the slave is identical to the master.
--
Russ Allbery (eagle@eyrie.org) <https://www.eyrie.org/~eagle/>
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
