-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
John Hascall wrote: | Show us the kdc.conf on your machines...
Sure.
On the master (elwing): # cat /etc/krb5kdc/kdc.conf
[kdcdefaults] ~ kdc_ports = 88,750
[realms] ~ SLUGGARDY.NET = { ~ database_name = /etc/krb5kdc/principal ~ admin_keytab = /etc/krb5kdc/kadm5.keytab ~ acl_file = /etc/krb5kdc/kadm5.acl ~ dict_file = /etc/krb5kdc/kadm5.dict ~ key_stash_file = /etc/krb5.keytab ~ kadmind_port = 749 ~ max_life = 12h 0m 0s ~ max_renewable_life = 7d 0h 0m 0s ~ master_key_type = des3-hmac-sha1 ~ supported_enctypes = des3-hmac-sha1:normal des-cbc-crc:normal ~ }
On the slave (mithrandir): # cat /etc/krb5kdc/kdc.conf
[kdcdefaults] ~ kdc_ports = 88,750
[realms] ~ SLUGGARDY.NET = { ~ database_name = /etc/krb5kdc/principal ~ admin_keytab = /etc/krb5kdc/kadm5.keytab ~ acl_file = /etc/krb5kdc/kadm5.acl ~ dict_file = /etc/krb5kdc/kadm5.dict ~ key_stash_file = /etc/krb5.keytab ~ kadmind_port = 749 ~ max_life = 12h 0m 0s ~ max_renewable_life = 7d 0h 0m 0s ~ master_key_type = des3-hmac-sha1 ~ supported_enctypes = des3-hmac-sha1:normal des-cbc-crc:normal ~ }
There are a couple of things that I have been kicking around in my head that may be causing the trouble. Will kprop work properly if the slave KDC is behind a NATing firewall? I can't think of a reason why it should matter, but I thought I would check. I have the master KDC behind a non NATing firewall, but the slave is in my home NATed network. Could this be the problem? If I get a chance I may try moving the machine in front of the firewall and see if that makes a difference.
Thanks for any help, I really appreciate it. I love what I have seen of Kerberos so far and would really like to get it working properly.
- -Nick -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFAewWtWRxj7DCRpGURAig0AKCZ2iq30yG1er7WL/R1PlXOxxy45gCgoiLz 4blHoEWS4SCFAaUb7aZ8xu4= =m5dr -----END PGP SIGNATURE----- ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos