When i run spawn amandad via xinetd as root, i get this error.
1214490832.259079: amandad: critical (fatal): running as user "root"
instead of "amandabackup"
In the kerberos wiki it says amandad will relinquish root permissions
after reading the keytab. It doesnt seem to be doing that.
Also, What keytab on the client needs to be read as root?
--Chad
On Jun 25, 2008, at 5:29 PM, Jean-Louis Martineau wrote:
xinetd must be configured to run amandad as root.
Jean-Louis
Chad Kotil wrote:
I am trying to setup krb5 auth on amanda 2.6.0p1. I built the
server and client --with-krb5-security, added a new principal to my
KDC ([EMAIL PROTECTED] REALM), and wrote a keytab file and
placed it on the server. It is locked down so only amandabackup
(the user that runs amanda) can read it. The clients have
a .k5amandahosts file containing the following:
[EMAIL PROTECTED] REALM
backupmaster.f.q.d.n [EMAIL PROTECTED] REALM
my amanda.conf file contains
krb5keytab "/etc/amanda/krb5.keytab-amanda"
krb5principal "[EMAIL PROTECTED] REALM"
On both of my krb5 auth clients I am seeing this error:
1214425629.641678: amandad: critical (fatal): gss_server failed:
real uid is 10036, needs to be 0 to read krb5 host key
10036 is the UID for amandabackup, 0 is the UID for root.
Both clients work fine if I just use bsdtcp auth. I am using ssh
auth everywhere else but for these two particular hosts I cannot
use ssh keys.
Any ideas?
Thanks,
--Chad
Chad E. Kotil
Global Research NOC
[EMAIL PROTECTED]
Phone: 812 855-5288
