[Bug 913166] [NEW] kprop will not find slave-kdc
Russ Allbery
rra at debian.org
Sat Jan 7 17:07:22 UTC 2012
Stefan Kania <913166 at bugs.launchpad.net> writes:
> I configured the KDC-master for replication, then configured the
> slave. Then I started propagation with:
> ------------------------
> kprop -f /root/slave-repl -r EXAMPLE.NET kerb-repl.example.net
> -------------------------
> And I got the error-message
> -------------------------
> kprop: Client not found in Kerberos database while getting initial ticket
> ----------------------
kprop is *extremely* finicky about hostnames used to derive credentials,
and not very good about reporting errors. The problem you're seeing isn't
due to the slave side, but rather the master side:
> Here is the error message from the logfile:
> -----------------
> Jan 07 17:19:20 kerberos krb5kdc[2029](info): AS_REQ (4 etypes {18 17 16 23}) 192.168.123.110: CLIENT_NOT_FOUND: host/kerberos at EXAMPLE.NET for host/kerb-repl.example.net at EXAMPLE.NET, Client not found in Kerberos database
> -----------------
The master authenticates to the slave using the master's host/* principal,
which kprop derives from the local hostname. In this case, I suspect the
local hostname of the master is the unqualified "kerberos", so kprop
attempts to get initial tickets for host/kerberos at EXAMPLE.NET, which
fails.
Changing the system hostname of the master to kerberos.example.net will
probably fix this problem.
kprop should really gain an additional command-line option to specify the
client principal to authenticate as.
--
Russ Allbery (rra at debian.org) <http://www.eyrie.org/~eagle/>
--
https://bugs.launchpad.net/bugs/913166
Title:
kprop will not find slave-kdc
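Added example (not part of the original message or of krb5): a Python check that scans krb5kdc log lines for the failure quoted in the thread and flags failed AS_REQs whose client is a host/ principal built from an unqualified hostname. The sample log lines are constructed from the one in the report, and the function name is hypothetical.

```python
import re

# Constructed sample krb5kdc log lines, modeled on the line quoted in the thread.
SAMPLE_LOG = """\
Jan 07 17:19:20 kerberos krb5kdc[2029](info): AS_REQ (4 etypes {18 17 16 23}) 192.168.123.110: CLIENT_NOT_FOUND: host/kerberos@EXAMPLE.NET for host/kerb-repl.example.net@EXAMPLE.NET, Client not found in Kerberos database
Jan 07 17:21:02 kerberos krb5kdc[2029](info): AS_REQ (4 etypes {18 17 16 23}) 192.168.123.110: CLIENT_NOT_FOUND: alice@EXAMPLE.NET for krbtgt/EXAMPLE.NET@EXAMPLE.NET, Client not found in Kerberos database
Jan 07 17:25:40 kerberos krb5kdc[2029](info): AS_REQ (4 etypes {18 17 16 23}) 192.168.123.110: ISSUE: authtime 1325957140, etypes {rep=18 tkt=18 ses=18}, host/kerberos.example.net@EXAMPLE.NET for host/kerb-repl.example.net@EXAMPLE.NET
"""

# Failed AS_REQ line. The realm separator is "@" in real logs; the list
# archive renders it as " at ", so both forms are accepted.
FAILED_AS_REQ = re.compile(
    r"AS_REQ .*? (?P<addr>\S+): CLIENT_NOT_FOUND: "
    r"(?P<client>\S+?)(?:@| at )(?P<crealm>\S+) for "
    r"(?P<server>\S+?)(?:@| at )(?P<srealm>[^\s,]+),"
)


def unqualified_host_clients(log_text):
    """Return failed AS_REQs whose client is host/<name> with no domain part."""
    findings = []
    for line in log_text.splitlines():
        m = FAILED_AS_REQ.search(line)
        if not m:
            continue
        primary, _, instance = m.group("client").partition("/")
        # host/kerberos has no dot in its instance: the requester's local
        # hostname was most likely unqualified, as diagnosed in the thread.
        if primary == "host" and instance and "." not in instance:
            findings.append({
                "from": m.group("addr"),
                "client": f"{m.group('client')}@{m.group('crealm')}",
                "server": f"{m.group('server')}@{m.group('srealm')}",
            })
    return findings


if __name__ == "__main__":
    for f in unqualified_host_clients(SAMPLE_LOG):
        print(f"{f['from']}: {f['client']} not in KDC database "
              f"(requested {f['server']}); check the requester's hostname")
```

On the master itself, comparing the output of `hostname` with `hostname -f` shows whether the system hostname is the unqualified form.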