Re: krb5 auth problem

2008-07-01 Thread Chad Kotil
Here's an update to the kerberos realm issue I am now seeing. I want to use my secondary KDC (UVWX.YZ.EDU) rather than the primary KDC (YZ.EDU), but amanda doesn't seem to know how to look for it. I include the KDC realm in all of my configs, amanda.conf and .k5login. Here is my .k5login

Re: krb5 auth problem

2008-07-01 Thread Chad Kotil
Yeah, a little background might help. UVWX.YZ.EDU is the realm of my secondary KDC for these two hosts (the clients) which I am trying to configure krb auth on. YZ.EDU is the primary KDC on these hosts. These two hosts are my bastion servers, i.e. hop off boxes to protect my local

Re: krb5 auth problem

2008-07-01 Thread Mitch Collinsworth
If your realm is YZ.EDU, then that's what you use. If UVWX.YZ.EDU is a host name and not a realm name, then it doesn't belong in your principal names. Can you explain why you want to auth against the secondary rather than the primary? I can't think of any reason that should matter. -Mitch

Re: krb5 auth problem

2008-06-26 Thread Chad Kotil
When I run spawn amandad via xinetd as root, I get this error.
1214490832.259079: amandad: critical (fatal): running as user root instead of amandabackup
In the Kerberos wiki it says amandad will relinquish root permissions after reading the keytab. It doesn't seem to be doing that. Also,

Re: krb5 auth problem

2008-06-26 Thread Jean-Louis Martineau
Chad, I don't have a krb5 setup and the developers sometimes break it. amandad relinquishes root permissions too soon. Can you try the attached patch?
Jean-Louis
Chad Kotil wrote:
When I run spawn amandad via xinetd as root, I get this error. 1214490832.259079: amandad: critical (fatal):

Re: krb5 auth problem

2008-06-26 Thread Chad Kotil
I'm using the source version 2.6.0p1. Here are the results of the patch.
[EMAIL PROTECTED] amandad-src]# patch amandad.c amanda.patch
patching file amandad.c
Hunk #1 succeeded at 218 with fuzz 2.
Hunk #2 FAILED at 417.
Hunk #3 FAILED at 442.
2 out of 3 hunks FAILED -- saving rejects to file

Re: krb5 auth problem

2008-06-26 Thread Chad Kotil
I realized I could apply this patch by hand based on the diff. I did, recompiled, and still same result. Here is the diff for version 2.6.0p1. [EMAIL PROTECTED] amandad-src]# diff amandad.c amandad.c.orig 221,229c221 if (geteuid() == 0) { check_running_as(RUNNING_AS_ROOT);
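Review bot: in the `221,229c221` hunk the operands are reversed (`diff amandad.c amandad.c.orig` puts the patched file first), so the change reads backwards and would apply in reverse if fed to patch as posted. Regenerate it as `diff -u amandad.c.orig amandad.c` so the `if (geteuid() == 0) { check_running_as(RUNNING_AS_ROOT);` block shows as an addition with surrounding context, which makes the hand-applied hunks easier to compare against the ones that failed.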

Re: krb5 auth problem

2008-06-26 Thread Chad Kotil
Ian, Jean-Louis provided me with a patch that fixed this problem. The patch was posted to the list. I now face a new problem. I need to use my secondary KDC REALM to authenticate, and not my default realm. The keytab on the server is from the second KDC realm and the principal is from

krb5 auth problem

2008-06-25 Thread Chad Kotil
I am trying to set up krb5 auth on amanda 2.6.0p1. I built the server and client --with-krb5-security, added a new principal to my KDC ([EMAIL PROTECTED] REALM), and wrote a keytab file and placed it on the server. It is locked down so only amandabackup (the user that runs amanda) can read

Re: krb5 auth problem

2008-06-25 Thread Alan Pearson
Hi there, We use this on 2.5.2. On the client, amandad should be spawned by root (makes sense really, as it's the only user who can see all files :) ) Here's my xinetd.d/k5amandad file:
service k5amanda
{
    socket_type = stream
    protocol = tcp
    wait = no
    user = root
    group = backup
    server =

Re: krb5 auth problem

2008-06-25 Thread Jean-Louis Martineau
xinetd must be configured to run amandad as root.
Jean-Louis
Chad Kotil wrote:
I am trying to set up krb5 auth on amanda 2.6.0p1. I built the server and client --with-krb5-security, added a new principal to my KDC ([EMAIL PROTECTED] REALM), and wrote a keytab file and placed it on the server.