From owner-freebsd-security Mon Feb 26 08:32:47 1996 Return-Path: owner-security Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id IAA28974 for security-outgoing; Mon, 26 Feb 1996 08:32:47 -0800 (PST) Received: from sumter.awod.com (awod.com [198.81.225.1]) by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id IAA28960 for ; Mon, 26 Feb 1996 08:32:42 -0800 (PST) Received: from Ken (tsunami.awod.com [198.81.225.31]) by sumter.awod.com (8.6.11/8.6.9) with SMTP id LAA04399; Mon, 26 Feb 1996 11:32:27 -0500 Message-Id: <1.5.4b11.32.19960226163421.0068c12c@awod.com> X-Sender: klam@awod.com X-Mailer: Windows Eudora Light Version 1.5.4b11 (32) Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Date: Mon, 26 Feb 1996 11:34:21 -0500 To: Mark Murray From: Ken Lam Subject: Re: Kerberos 4 Slave Server Setup in 2.1 Cc: freebsd-security@FreeBSD.ORG Sender: owner-security@FreeBSD.ORG Precedence: bulk OK. The following is currently what I have done: I have added kpropd to inetd.conf in my slave, it does respond when I telnet to the port. I have a script which uses kdb_util to do a slave_dump and then calls kprop. I'm not quite sure which machines need the 'rcmd' principal and what instance they need, and I may have done the following wrong. rcmd.kerberos and rcmd.indigo are in both master and slave (with an 'ext_srvtab kerberos' srvtab on the slave). the docs say rcmd.HOSTNAME@REALM does that mean rcmd.indigo.awod.com@AWOD.COM ? krb.conf ---- AWOD.COM AWOD.COM moultrie.awod.com admin server AWOD.COM indigo.awod.com krb.realms ---- AWOD.COM AWOD.COM .AWOD.COM AWOD.COM krb.slaves ---- indigo.awod.com this is the console message I receive when trying to propogate: moultrie# /usr/sbin/kdbupdate Start slave propagation: Mon Feb 26 11:09:29 1996 indigo.awod.com: Generic kerberos error (kfailure). Calling krb_sendauth.indigo .awod.com: Generic kerberos error (kfailure). Calling krb_sendauth.indigo.awod. com: Generic kerberos error (kfailure). Calling krb_sendauth.indigo.awod.com: G eneric kerberos error (kfailure). Calling krb_sendauth.indigo.awod.com: Generic kerberos error (kfailure). Calling krb_sendauth.kprop: propagation failed. this is from the kerberos.log: 26-Feb-96 11:09:29 Initial ticket request Host: 198.81.225.2 User: "rcmd" "kerbe ros" 26-Feb-96 11:09:29 APPL Request rcmd.kerberos@AWOD.COM on 198.81.225.2 for rcmd. indigo Thanks again! Ken