[6417] in Kerberos


Kerberos V5 Beta 5 and Slave Servers

daemon@ATHENA.MIT.EDU (Greg Rumple)
Mon Jan 1 14:54:06 1996

To: kerberos@MIT.EDU
Date: 1 Jan 1996 19:41:11 GMT
From: grumple@grumpy.magg.net (Greg Rumple)

Okay, I have just spent the last 4 hours trying my darnedest to figure out
how to get a slave server up and running with Kerberos V5 Beta 5 and so far
all I have done is get frustrated.  I could find no real docs on doing 
this (docs need to be written it says).  So I second guessed it.

Here is what I did: on my master server I did an ark host/grumpy.magg.net,
which is its name, and then did an ark host/doc.magg.net, which is the
server I planned on making a slave.  I modified the krb5.conf files on both
to look like this.

[libdefaults]
        ticket_lifetime = 600
        default_realm = MAGG-NET

[realms]
        MAGG-NET = {
                kdc = GRUMPY.MAGG.NET
                kdc = DOC.MAGG.NET
                admin_server = GRUMPY.MAGG.NET
                default_domain = MAGG.NET
        }

[domain_realm]
        .magg.net = MAGG-NET
        magg.net = MAGG-NET

Now all is well on the main server, but when I try and do a kprop to
the slave, I get the following error on the slave.

Jan  1 14:27:52 doc kpropd[15480]: Rejected connection from unauthorized 
principal host/grumpy.magg.net@MAGG-NET

Now of course I did do an xst grumpy.magg.net host on grumpy and did move
that file to /etc/v5srvtab on grumpy, and also did an xst doc.magg.net
host on grumpy, and moved that file to /etc/v5srvtab on doc, which is
sorta what the docs said to do on the one web page that even MENTIONED
slave servers.  So now that I'm completely baffled here, what do I have
to do to get this to work?  It rejects it on the slave end, and causes the
master end to spit out an odd message as well.

/krb5/sbin/kprop: ASN.1 structure is missing a required field while 
encoding database size

So if anyone knows how to do this properly please let me know, I'm on my 
last straw with this.  I'm ready to go back to just one server again, it 
was so much easier.  I only use this for authentication using Xyplex 
Terminal Servers, nothing more anyway.

Thanks.

-- 
|-----------------------------------------------------|
|  Greg Rumple                     grumple@magg.net   |
|                                                     |
|  M.A.G. Information Services System Administrator   |
|                                                     |
| http://www.magg.net  South Florida's I-Net Provider |
|  (407) 964-9841           Accounts from 19.95       |
|-----------------------------------------------------|

