Folks, I have recently upgraded my server estate and this in turn uncovered my aging 3DES kerberos principles. I've been thought and rekeyed them as with AES and this has created a little problem. Something went wrong with the service principle for one of my Apache servers and now key based authentication is no longer working on that host. I've been trying to debug it to no avail. Unfortuantely the mod_auth_gssapi, as far as I can tell, doesn't like giving too much into out.
I'm surmising that the issue might be that the service principle may not have replicated corerctly to the slave server, which is used by the Apache host. I can see the ticket details on the master using kadmin.local and getprinc and I can see the keytab info using ktutil. My question is this: How does one view the KVNO in the Slave DB? I imaine it's probably available via kdb5_util dump but unfortunatly I have not found any documents explaining the fields in the dump. If anyone can advise on how to get the KVNO from the slave or indeed has any other advice, it would be gratefully receieved. Regards, Mike.
signature.asc
Description: PGP signature
________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
