I am having problems with replication on a second replica that I am setting
up.  The second replica looks like the first as far as I can tell, but
I am seeing krb5-kpropd service failures.  I can kdb5_util dump and load
the database from the master to the new replica just fine, but I am seeing
the following errors when I start up krb5-kpropd.

2022-07-16T08:17:57.049587+00:00 kdc-iad-1 kpropd[630]: /usr/sbin/kpropd: Key table entry not found while initializing /usr/sbin/kpropd interface, retrying
2022-07-16T08:18:00.385533+00:00 kdc-iad-1 kpropd[630]: /usr/sbin/kpropd: Key table entry not found while initializing /usr/sbin/kpropd interface, retrying

The DNS entries for both the master and the slave look fine to me.  The
/etc/krb5.keytab on the slave looks fine and it seems to work fine when
I use it to access other services, e.g. our LDAP servers.

This is a stock Ubuntu 18.04 system with krb5-kdc 1.16 installed. I know
this is ancient at this point, but I would really like to understand what
is happening here before I bite off an upgrade.

Here is my kdc.conf.

[kdcdefaults]
    kdc_ports = 88

[realms]
    MYREALM.COM = {
        kdc_ports        = 88
        kadmind_port     = 749
        iprop_enable     = true
        iprop_port       = 2121
        iprop_slave_pool = 1m
        database_name    = /var/lib/krb5kdc/db/principal
        admin_keytab     = FILE:/etc/krb5kdc/kadm5.keytab
        acl_file         = /etc/krb5kdc/kadm5.acl
        key_stash_file   = /etc/krb5kdc/stash
        max_life           = 25h 0m 0s
        max_renewable_life = 7d 0h 0m 0s
        master_key_type    = aes256-cts-hmac-sha1-96
        supported_enctypes = aes256-cts-hmac-sha1-96:normal aes128-cts-hmac-sha1-96:normal arcfour-hmac:normal des3-hmac-sha1:normal
        default_principal_flags = +preauth
    }

[logging]
    kdc          = FILE:/var/lib/krb5kdc/log/kdc.log
    admin_server = FILE:/var/lib/krb5kdc/log/kadmin.log

What am I missing?  What should I be looking at?

Bill

--
Bill MacAllister <[email protected]>

"Can't sing louder than the guns when I'm gone,
so I guess I'll have to do it while I'm here."
Phil Ochs