[Bug 913166] [NEW] kprop will not find slave-kdc

Russ Allbery rra at debian.org
Sat Jan 7 17:07:22 UTC 2012


Stefan Kania <913166 at bugs.launchpad.net> writes:

> I configured the KDC-master for replication. Then configured the
> slave. Then I started propagation with:
> ------------------------
> kprop -f /root/slave-repl -r EXAMPLE.NET  kerb-repl.example.net
> -------------------------

> And I got the error message
> -------------------------
> kprop: Client not found in Kerberos database while getting initial ticket
> ----------------------

kprop is *extremely* finicky about hostnames used to derive credentials,
and not very good about reporting errors.  The problem you're seeing isn't
due to the slave side, but rather the master side:

> Here is the error message from the logfile:
> -----------------
> Jan 07 17:19:20 kerberos krb5kdc[2029](info): AS_REQ (4 etypes {18 17 16 23}) 192.168.123.110: CLIENT_NOT_FOUND: host/kerberos@EXAMPLE.NET for host/kerb-repl.example.net@EXAMPLE.NET, Client not found in Kerberos database
> -----------------

The master authenticates to the slave using the master's host/* principal,
which kprop derives from the local hostname.  In this case, I suspect the
local hostname of the master is the unqualified "kerberos", so kprop
attempts to get initial tickets for host/kerberos@EXAMPLE.NET, which
fails.

Changing the system hostname of the master to kerberos.example.net will
probably fix this problem.

kprop should really gain an additional command-line option to specify the
client principal to authenticate as.

-- 
Russ Allbery (rra at debian.org)               <http://www.eyrie.org/~eagle/>
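
The check described in the reply above, as an added shell example that is not part of the original message or of krb5: it pulls the missing client principal out of a krb5kdc CLIENT_NOT_FOUND line and tests whether host/<hostname>@REALM exists in a principal list. It assumes, as the reply suggests, that kprop uses the hostname exactly as the system reports it; the function names are hypothetical and the sample data is the bug report's own with "@" written out.

```sh
#!/bin/sh
# Added example. Assumption taken from the reply above: kprop authenticates
# as host/<local hostname>@REALM, using the hostname as the system reports it.

# Sample data copied from the bug report, with "@" written out.
SAMPLE_PRINCS='K/M@EXAMPLE.NET
host/kerb-repl.example.net@EXAMPLE.NET
host/kerberos.example.net@EXAMPLE.NET
krbtgt/EXAMPLE.NET@EXAMPLE.NET'
SAMPLE_LOG='Jan 07 17:19:20 kerberos krb5kdc[2029](info): AS_REQ (4 etypes {18 17 16 23}) 192.168.123.110: CLIENT_NOT_FOUND: host/kerberos@EXAMPLE.NET for host/kerb-repl.example.net@EXAMPLE.NET, Client not found in Kerberos database'

# client_from_kdc_log: krb5kdc log lines on stdin; prints the client
# principal of every CLIENT_NOT_FOUND request.
client_from_kdc_log() {
    sed -n 's/.*CLIENT_NOT_FOUND: \([^ ]*\) for .*/\1/p'
}

# check_kprop_client HOSTNAME REALM PRINCIPALS
# Returns 0 if host/HOSTNAME@REALM is in PRINCIPALS (one per line), else 1.
check_kprop_client() {
    host=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    princ="host/$host@$2"
    if printf '%s\n' "$3" | grep -Fxq -- "$princ"; then
        echo "OK $princ"
        return 0
    fi
    case $host in
        (*.*) echo "MISSING $princ"; return 1 ;;
    esac
    # Unqualified hostname: look for a qualified principal with the same short name.
    cand=$(printf '%s\n' "$3" | while IFS= read -r p; do
        case $p in ("host/$host."*"@$2") printf '%s\n' "$p"; break ;; esac
    done)
    echo "UNQUALIFIED $princ${cand:+ (database has $cand)}"
    return 1
}

# Demo on the sample data. On a real master one might run, for example:
#   check_kprop_client "$(hostname)" EXAMPLE.NET "$(kadmin.local -q listprincs)"
printf '%s\n' "$SAMPLE_LOG" | client_from_kdc_log
check_kprop_client kerberos EXAMPLE.NET "$SAMPLE_PRINCS" || true
check_kprop_client kerberos.example.net EXAMPLE.NET "$SAMPLE_PRINCS"
```
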

https://bugs.launchpad.net/bugs/913166

Title:
  kprop will not find slave-kdc

Status in “krb5” package in Ubuntu:
  New

Bug description:
  
  System:
  lsb_release -rd
  Description:    Ubuntu precise (development branch)
  Release:        12.04

  Package:
  apt-cache policy krb5-kdc
  krb5-kdc:
    Installiert: 1.10+dfsg~alpha2-1
    Kandidat:    1.10+dfsg~alpha2-1
    Versionstabelle:
   *** 1.10+dfsg~alpha2-1 0
          500 http://de.archive.ubuntu.com/ubuntu/ precise/universe amd64 Packages
          100 /var/lib/dpkg/status


  I configured the KDC-master for replication. Then configured the slave. Then I started propagation with:
  ------------------------
  kprop -f /root/slave-repl -r EXAMPLE.NET  kerb-repl.example.net
  -------------------------

  And I got the error message
  -------------------------
  kprop: Client not found in Kerberos database while getting initial ticket
  ----------------------

  The Client is part of the Database, as you can see :
  -----------------
  kadmin:  listprincs 
  K/M@EXAMPLE.NET
  daniel@EXAMPLE.NET
  host/kerb-repl.example.net@EXAMPLE.NET
  host/kerberos.example.net@EXAMPLE.NET
  kadmin/admin@EXAMPLE.NET
  kadmin/changepw@EXAMPLE.NET
  kadmin/kerberos@EXAMPLE.NET
  krbtgt/EXAMPLE.NET@EXAMPLE.NET
  root/admin@EXAMPLE.NET
  -----------------

  Here is the error message from the logfile:
  -----------------
  Jan 07 17:19:20 kerberos krb5kdc[2029](info): AS_REQ (4 etypes {18 17 16 23}) 192.168.123.110: CLIENT_NOT_FOUND: host/kerberos@EXAMPLE.NET for host/kerb-repl.example.net@EXAMPLE.NET, Client not found in Kerberos database
  -----------------

  The krb5.keytab is created and copied to the slave. Starting "kprop", tcpdump shows no network traffic at all.
  DNS is working. Login as user with a principal is working. Also the login with any user from the KDC-Master Database on any Client (including the KDC-slave) is possible.

  The same configuration works with krb5-kdc Version 1.8.3

  ProblemType: Bug
  DistroRelease: Ubuntu 12.04
  Package: krb5-kdc 1.10+dfsg~alpha2-1
  ProcVersionSignature: Ubuntu 3.2.0-8.14-generic 3.2.0
  Uname: Linux 3.2.0-8-generic x86_64
  ApportVersion: 1.90-0ubuntu1
  Architecture: amd64
  Date: Sat Jan  7 17:07:01 2012
  InstallationMedia: Ubuntu-Server 12.04 LTS "Precise Pangolin" - Alpha amd64 (20111129)
  ProcEnviron:
   PATH=(custom, no user)
   LANG=de_DE.UTF-8
   SHELL=/bin/bash
  SourcePackage: krb5
  UpgradeStatus: No upgrade log present (probably fresh install)
