All, I have a machine running 1.6.1 (on x86_64) and would like to add a slave machine under 1.8.3 (debian squeeze, x86). Unfortunately, the stash file from the master does not work on the slave. I get:
Unable to decrypt latest master key with the provided master key - while fetching master keys list for realm OUR_REALM I thought this should only happen between architectures with different endianess??? I currently do not have the KDC master key, so I thought I could do kdb5_util dump -mkey_convert dumpfile kdb5_util load dumpfile kdb5_util stash That seemed to work. I got the slave up and running, kprop works, I can kinit both to the master and to the slave, use aklog and afs, etc... But now kadmin gives me: kadmin gss-api or kerberos error while initializing kadmin interface kadmin.local works, though. I don't know if this could be related to http://krbdev.mit.edu/rt/Ticket/Display.html?user=guest&pass=guest&id=6546 Any help would be great! For reference, the 1.6.1 machine (master) has the following kdc.conf: [kdcdefaults] kdc_ports = 88 [realms] OUR.REALM = { master_key_type = des3-hmac-sha1 acl_file = /var/kerberos/krb5kdc/kadm5.acl dict_file = /usr/share/dict/words admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab supported_enctypes = des3-hmac-sha1:normal arcfour-hmac:normal des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal des-cbc-crc:v4 des-cbc-crc:afs3 max_life = 24h max_renewable_life = 7d } The 1.8.3 machine (slave) has the following kdc.conf: [kdcdefaults] kdc_ports = 88 [realms] OUR.REALM = { master_key_type = des3-hmac-sha1 supported_enctypes = des3-hmac-sha1:normal arcfour-hmac:normal des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal des-cbc-crc:v4 des-cbc-crc:afs3 max_life = 24h max_renewable_life = 7d } Thanks, Christian ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
