Stefan Kania <913...@bugs.launchpad.net> writes:
> I confgured the KDC-master for replication. then configured the
> slave. Then I startet propagaition with:
> ------------------------
> kprop -f /root/slave-repl -r EXAMPLE.NET kerb-repl.example.net
> -------------------------
> And I got the error-message
> -------------------------
> kprop: Client not found in Kerberos database while getting initial ticket
> ----------------------
kprop is *extremely* finicky about hostnames used to derive credentials,
and not very good about reporting errors. The problem you're seeing isn't
due to the slave side, but rather the master side:
> Here the errormessage from the logfile:
> -----------------
> Jan 07 17:19:20 kerberos krb5kdc[2029](info): AS_REQ (4 etypes {18 17 16 23})
> 192.168.123.110: CLIENT_NOT_FOUND: host/kerbe...@example.net for
> host/kerb-repl.example....@example.net, Client not found in Kerberos database
> -----------------
The master authenticates to the slave using the master's host/* principal,
which kprop derives from the local hostname. In this case, I suspect the
local hostname of the master is the unqualified "kerberos", so kprop
attempts to get initial tickets for host/kerbe...@example.net, which
fails.
Changing the system hostname of the master to kerberos.example.net will
probably fix this problem.
kprop should really gain an additional command-line option to specify the
client principal to authenticate as.
--
Russ Allbery (r...@debian.org) <http://www.eyrie.org/~eagle/>
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/913166
Title:
kprop will not find slave-kdc
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/krb5/+bug/913166/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
