I am trying to setup krb5 auth on amanda 2.6.0p1. I built the server
and client --with-krb5-security, added a new principal to my KDC
([EMAIL PROTECTED] REALM), and wrote a keytab file and placed it
on the server. It is locked down so only amandabackup (the user that
runs amanda) can read it. The clients have a .k5amandahosts file
containing the following:
[EMAIL PROTECTED] REALM
backupmaster.f.q.d.n [EMAIL PROTECTED] REALM
my amanda.conf file contains
krb5keytab "/etc/amanda/krb5.keytab-amanda"
krb5principal "[EMAIL PROTECTED] REALM"
On both of my krb5 auth clients I am seeing this error:
1214425629.641678: amandad: critical (fatal): gss_server failed: real
uid is 10036, needs to be 0 to read krb5 host key
10036 is the UID for amandabackup, 0 is the UID for root.
Both clients work fine if I just use bsdtcp auth. I am using ssh auth
everywhere else but for these two particular hosts I cannot use ssh
keys.
Any ideas?
Thanks,
--Chad
