On Mon, Apr 29, 2013 at 4:09 PM, Dave Steiner <[email protected]> wrote: > I've turned on incremental propagation for my two test Kerberos machines but > continually tries to do a full sync but doesn't.
What version of MIT krb5 are you using? > Before starting this (as I had worked with iprop a few months back) did a full > kprop and deleted the principal.ulog files to start fresh. BTW, there's a kproplog -R option to reset the ulog now. You should use that. > One odd thing about our setup is we have multiple realms. As far as I can > tell > from previously playing with iprop is that it doesn't work on multiple realms. > But at this time, I just want to iprop my default realm. Multiple realms in one KDB principal file? Or just multiple realms on a host? IIUC krb5kdc supports multiple realms in a single KDB just fine, but kadmind doesn't, and kadmind plays a big role in iprop. > Any ideas why (1) it thinks it needs to do a full resync (kproplog shows one > new > update on the master), and (2) why it's not doing the full resync? What can I > check to see why it's not working. Can you truss/strace the kadmind (and follow fork and exec) and see what's happening? It's probably a misconfiguration that will be come evident as soon as you see open(2) return some ENOENT in the truss/strace output. Nico -- ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
