[32433] in Kerberos
Re: Setting up slave KDC when realm info is in LDAP (initially
daemon@ATHENA.MIT.EDU (Greg Hudson)
Mon Jun 7 14:52:02 2010
From: Greg Hudson <ghudson@mit.edu>
To: Holger Rauch <holger.rauch@empic.de>
In-Reply-To: <20100605174352.GA28015@heitec.de>
Date: Mon, 07 Jun 2010 14:51:51 -0400
Message-ID: <1275936711.2419.966.camel@ray>
Cc: "kerberos@mit.edu" <kerberos@mit.edu>

On Sat, 2010-06-05 at 13:43 -0400, Holger Rauch wrote:
> When I try to start the slave KDC on host kdchost2.our.domain, I see
> this error message in /var/log/kerberos/krb5kdc.log, even though I
> copied the service.keyfile from the master KDC:
>
> krb5kdc: Cannot find/read stored master key - while fetching master
> key K/M for realm OUR.DOMAIN

There are two key files used in a deployment like yours, one containing
the passwords used to bind to the LDAP server, and another containing a
"master key" which encrypts key information.

The master key stash file should be named /var/krb5kdc/.k5.OUR.DOMAIN
since you haven't overridden its location.
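
A check for the situation described in this thread, added here as an example and not part of the original message or of MIT Kerberos: it looks for the master key stash at the default name given in the reply (`<kdc_dir>/.k5.<REALM>`) and says so when only `service.keyfile` is present. The function name `check_master_stash`, its return codes, and the rule that the stash must carry no group or other permissions are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original message).
# Usage: check_master_stash KDC_DIR REALM
#   e.g. check_master_stash /var/krb5kdc OUR.DOMAIN
# Return codes (assumed for this example):
#   0 = stash present and private, 1 = stash missing,
#   2 = stash not readable by the caller, 3 = stash readable by group/other
check_master_stash() {
    kdc_dir=$1
    realm=$2
    # Default stash name from the reply: .k5.<REALM> in the KDC directory.
    stash="$kdc_dir/.k5.$realm"

    if [ ! -f "$stash" ]; then
        echo "missing master key stash: $stash" >&2
        # service.keyfile holds the LDAP bind passwords, not the master key,
        # so copying it alone does not let krb5kdc fetch K/M.
        if [ -f "$kdc_dir/service.keyfile" ]; then
            echo "note: service.keyfile is present, but it is the LDAP bind password file" >&2
        fi
        return 1
    fi

    if [ ! -r "$stash" ]; then
        echo "master key stash exists but is not readable: $stash" >&2
        return 2
    fi

    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld "$stash" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "master key stash is accessible to group/other: $stash" >&2
        return 3
    fi

    echo "ok: $stash"
    return 0
}
```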