I'm having some problems getting kerberos propagation to a slave server
working correctly and was hoping someone might have some insight. I've
looked through the logs and they're not very verbose as well as googled for
the error, of which, I've only found one prior example of, and no fix. If
anyone has any insight, I'd be very grateful.
Using MIT kerberos 5, I setup a kerberos kdc and a second kdc which I want
to use as a slave server. On the slave server, I set up the access list
/var/kerberos/krb5kdc/kpropd.acl which contains the following:
host/[EMAIL PROTECTED]
host/[EMAIL PROTECTED]
and ran the propd command as follows in stand along for debugging as
recommended in the man page:
/usr/kerberos/sbin/kpropd -p 754 -a kpropd.acl -S -f
/var/kerberos/from_master
from the same directory as the kpropd.acl was in.
I got the following error:
(from on kerberos (master))
Error text from server: Decrypt integrity check failed
[EMAIL PROTECTED] root]# /usr/kerberos/sbin/kprop -f
/tmp/20050321-1.slavedump ks.frontbridge.com
/usr/kerberos/sbin/kprop: Server rejected authentication (during
sendauth exchange) while authenticating to server
/usr/kerberos/sbin/kprop: Decrypt integrity check failed signalled
from server Error text from server: Decrypt integrity check failed
on the ks (slave):
krpopd[3026]: Connection from 192.168.1.208
kpropd[3026]: Error in krb5_recvauth: Decrypt integrity check failed
Anyway, if anyone could help, I'd really appreciate it,
Thanks,
Nick
FrontBridge introduces Message Archive and Secure Email. Get leading Enterprise
Message Security services from FrontBridge. www.frontbridge.com.
________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
