[36274] in Kerberos
Re: principal~.kadm5 & C.
daemon@ATHENA.MIT.EDU (Benjamin Kaduk)
Wed Jul 16 10:49:04 2014
Date: Wed, 16 Jul 2014 10:48:39 -0400 (EDT)
From: Benjamin Kaduk <kaduk@mit.edu>
To: Giuseppe Mazza <g.mazza@imperial.ac.uk>
In-Reply-To: <53C68B42.5000101@imperial.ac.uk>
Message-ID: <alpine.GSO.1.10.1407161047540.21571@multics.mit.edu>
MIME-Version: 1.0
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On Wed, 16 Jul 2014, Giuseppe Mazza wrote:
> On 16/07/14 15:12, Benjamin Kaduk wrote:
>> On Wed, 16 Jul 2014, Giuseppe Mazza wrote:
>>
>>>
>>> <<My questions>>
>>> - Any idea how to solve the above problem?
>>> - If you think that the two kerberos versions are too different, can you
>>> think a different strategy to solve the problem?
>>
>> You neglected to show the 'klist -kt /etc/krb5.keytab' output for both
>> machines.
>>
>
> Sorry...
>
> 1] slave
> root@tt-u1404:/var/lib/krb5kdc# klist -kt /etc/krb5.keytab
> Keytab name: FILE:/etc/krb5.keytab
> KVNO Timestamp Principal
> ---- -----------------
> --------------------------------------------------------
> 3 27/06/14 14:43:13 host/tt-u1404.doc.ic.ac.uk@DOC.IC.AC.UK
>
> 2] master
> [root@london ~]# klist -kt /etc/krb5.keytab
> Keytab name: FILE:/etc/krb5.keytab
> KVNO Timestamp Principal
> ---- -----------------
> --------------------------------------------------------
> 7 05/22/06 11:38:02 host/london.doc.ic.ac.uk@DOC.IC.AC.UK
Hmm, I think that should be sufficient, but a kpropd.acl file is also
needed on the slave KDC, as discussed in
http://web.mit.edu/kerberos/krb5-latest/doc/admin/install_kdc.html#configure-slave-kdcs
-Ben
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
