[36669] in Kerberos
Re: Incremental database propagation kpropd error
daemon@ATHENA.MIT.EDU (Antonio Senatore)
Wed Dec 10 04:44:07 2014
MIME-Version: 1.0
In-Reply-To: <alpine.GSO.1.10.1412051703540.23489@multics.mit.edu>
Date: Wed, 10 Dec 2014 09:43:40 +0000
Message-ID: <CAATH9R1D9KtY2bX0NdUZWRLdVYqev8t6z3cXocSdbTehRm6++Q@mail.gmail.com>
From: Antonio Senatore <bacco1977@gmail.com>
To: Benjamin Kaduk <kaduk@mit.edu>
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Yes, they are OK.
Any other idea?
On Fri, Dec 5, 2014 at 10:04 PM, Benjamin Kaduk <kaduk@mit.edu> wrote:
> On Fri, 5 Dec 2014, Antonio Senatore wrote:
>
> > Hello everybody.
> > I do hope this is the correct mailing list.
> >
> > I have configure kerberos incremental propagation using this guide here:
> >
> >
> https://www.soljerome.com/blog/2013/01/12/mit-incremental-database-propagation/
> >
> >
> > I have one master and one slave KDC, likewise the guide.
> >
> >
> > However, when I run the kpropd daemon in standalone (debugging mode), I
> get
> > the following message:
> >
> >
> >
> > kpropd: Incorrect password while initializing kpropd interface, retrying
> >
> >
> > It auggests that the kprop daemon cannot authenticate, but I'm not sure
> > where the problem lies.
>
> Check that the system keytab (/etc/krb5.keytab) on both master and slave
> contains the host/f.q.d.n principal corresponding to the machine in
> question, and that the machines and the (reverse) DNS all agree on the
> hostnames involved, and that they are fully-qualified.
>
> -Ben Kaduk
>
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
