[1743] in Kerberos
problem with KRB_MASTER (was Re: how to set up a slave server)
daemon@ATHENA.MIT.EDU (Mark Frost)
Tue Jan 28 01:56:07 1992
Date: 27 Jan 92 02:27:56 GMT
From: mfrost@xtort.eng.pyramid.com (Mark Frost)
To: kerberos@shelby.Stanford.EDU
In article <9201230555.AA23000@tsx-11.MIT.EDU> tytso@Athena.MIT.EDU writes:
>The problem you are experiencing is due to the fact that kprop and
>kpropd are pretty crufty pieces of code (sorry; we never got around to
>rewriting it, and neither has anyone else). You can fix it by either
>changing the name of your Kerberos master server to "Kerberos", or by
>changing the definition of KRB_MASTER in krb.h. The basic problem is
>that the name of the master server needs to be hardcoded into kprop and
>kpropd, under their current implementation.
>
> - Ted
I seem to be having a problem along these lines (although I'm not messing with
the kprop stuff). This is all using version 4, by the way...
When I set the name "KRB_MASTER" in krb.h to be the name of the machine which
is the kerberos server everything seems to work fine. When I add myself to
the database, I am able to do a kinit and grab my tgt. However, when I try
to do a kpasswd to test if I can reset my password, it fails indicating
"unknown principal (kerberos)".
After dredging through the code for a while, I've made some discoveries.
First, when kdb_init is run, principal "changepw" instance KRB_MASTER is
created. When I run kpasswd it is trying to acquire principal "changepw"
instance "kerberos" (not the name of my kerberos server machine). It appears
as if kpasswd is using the macro KADM_SINST (I think that's right) which is
coming from kadm.h and is hard-coded there to be "kerberos".
If I redefine my KRB_MASTER macro to be just "kerberos" (NOT the name of the
machine it is running on), things seem to work, at least up to the kpasswd
test - I haven't gone further, so something else might be broken as a result
of this.
Shouldn't KADM_SINST be the same as KRB_MASTER? Things seem to be broken if
they're different. I'm considering either hard-coding the name there of
KRB_MASTER or just doing "#define KADM_SINST KRB_MASTER" assuming that will
work - I'm not sure of the order in which these files are included. Why
would these values ever be different?
Thanks
-m----------- Mark Frost (mfrost@pyramid.com)
---mmm--------- System Administrator - R&D Engineering Group
-----mmmmm------- Pyramid Technology Corporation
-------mmmmmmm----- 3860 North First Street
---------mmmmmmmmm--- San Jose, California 95134
-----------mmmmmmmmmmm- (408) 428-8163
