[29672] in Kerberos


kprop between master (solaris) and slave (mandriva)

daemon@ATHENA.MIT.EDU (Marcin N)
Fri Apr 11 10:00:27 2008

From: Marcin N <nichu@nospam.onet.pl>
Date: Fri, 11 Apr 2008 15:48:09 +0200
To: kerberos@mit.edu

Hello,
I would like to set up replication between two hosts with different OSes: 
Solaris as master and Mandriva as slave.

On the master everything seems to be OK.
So on the slave I initialized the databases:
kdb5_util create -r NET.COM -s

On both sides I run:
kpropd -S

On both sides krb5.conf looks like this:
===============================================
[libdefaults]
         default_realm = NET.COM
[realms]
          NET.COM = {
                 admin_server = master0
                 kdc = master0
                 kdc = slave
                 master_kdc = master0
         }
[domain_realm]
         .net.com = NET.COM
         net.com = NET.COM
[logging]
         default = FILE:/var/krb5/kdc.log
         kdc = FILE:/var/krb5/kdc.log
===============================================
kpropd.acl:

host/slave.net.com@NET.COM
host/master0.net.com@NET.COM
host/master0@NET.COM
host/slave
host/master0

There are entries for both hosts in the krb database on both sides as well; 
I even turned off the firewall on both sides to check...

And when I try to propagate the data:
/usr/lib/krb5/kprop -d -f krb5.dump slave.net.com

there is an error:
/usr/lib/krb5/kprop: Server rejected authentication (during sendauth 
exchange) while authenticating to server
Generic remote error: Wrong principal in request

In kdc.log on the master:
Apr 11 15:24:01 master0 krb5kdc[24492](info): AS_REQ (5 etypes {17 16 23 
3 1}) 192.168.5.5: NEEDED_PREAUTH: host/master0@NET.COM for 
host/slave.net.com@NET.COM, Additional pre-authentication required
Apr 11 15:24:01 master0 krb5kdc[24492](info): AS_REQ (5 etypes {17 16 23 
3 1}) 192.168.5.5: ISSUE: authtime 1207920241, etypes {rep=17 tkt=17 
ses=17}, host/master0@NET.COM for host/slave.net.com@NET.COM

I read somewhere that I need to copy krb5.keytab from master to slave - 
I did, and it didn't help.

Maybe it's due to differences in software?!
On Solaris I have installed the packages from CD:
svcadm enable svc:/network/security/krb5kdc
svcadm enable svc:/network/security/krb5_prop
svcadm enable svc:/network/security/kadmin

On Mandriva, via urpmi:
krb5-workstation-1.4.2-2.2.20060mdk
libkrb53-1.4.2-2.2.20060mdk
krb5-server-1.4.2-2.2.20060mdk

Thank you in advance for any help

Regards
nichu
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
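
An added example, not part of the original post: a small Python check over the kpropd.acl entries and the ISSUE line from kdc.log quoted in the message. It reports whether the client principal the KDC issued the ticket to is listed in the ACL, and which service principal the receiving kpropd needs a key for. The function names are illustrative, and applying the default realm to unqualified ACL entries is an assumption.

```python
import re

DEFAULT_REALM = "NET.COM"  # default_realm from the krb5.conf in the post

# kpropd.acl and the ISSUE log line, copied from the post (wrapped log line re-joined).
ACL_TEXT = """\
host/slave.net.com@NET.COM
host/master0.net.com@NET.COM
host/master0@NET.COM
host/slave
host/master0
"""
KDC_LOG = (
    "Apr 11 15:24:01 master0 krb5kdc[24492](info): AS_REQ (5 etypes {17 16 23 3 1}) "
    "192.168.5.5: ISSUE: authtime 1207920241, etypes {rep=17 tkt=17 ses=17}, "
    "host/master0@NET.COM for host/slave.net.com@NET.COM\n"
)

# Matches "<client> for <service>" at the end of an ISSUE line only.
ISSUE_RE = re.compile(r": ISSUE: .*?, (\S+) for (\S+)\s*$")

def qualify(principal, realm=DEFAULT_REALM):
    """Append the default realm when an entry has none (assumes no escaped '@')."""
    return principal if "@" in principal else f"{principal}@{realm}"

def load_acl(text, realm=DEFAULT_REALM):
    """One principal per line; blank lines are skipped."""
    return {qualify(line.strip(), realm) for line in text.splitlines() if line.strip()}

def issued_tickets(log_text):
    """Yield (client, service) for each ticket the KDC actually issued."""
    for line in log_text.splitlines():
        m = ISSUE_RE.search(line)
        if m:
            yield m.group(1), m.group(2)

def check(log_text, acl_text, realm=DEFAULT_REALM):
    """Per issued ticket: is the client in the ACL, and which service key is needed."""
    acl = load_acl(acl_text, realm)
    return [
        {"client": c, "client_in_acl": qualify(c, realm) in acl, "service_key_needed": s}
        for c, s in issued_tickets(log_text)
    ]

if __name__ == "__main__":
    for row in check(KDC_LOG, ACL_TEXT):
        print(row)
```

For the data in the post, the client `host/master0@NET.COM` is in the ACL, and the ticket was issued for `host/slave.net.com@NET.COM`, so that is the principal to look for in the keytab kpropd reads on the slave.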