Date: Mon, 26 Feb 1996 13:07:50 -0500 From: Ken Lam <klam@awod.com> To: Mark Murray <mark@grondar.za> Cc: freebsd-security@FreeBSD.ORG Subject: Re: Kerberos 4 Slave Server Setup in 2.1 Message-ID: <1.5.4b11.32.19960226180750.0068c940@awod.com>
next in thread | raw e-mail | index | archive | help
>> rcmd.kerberos and rcmd.indigo are in both master >> and slave (with an 'ext_srvtab kerberos' srvtab on >> the slave). > >Do you have two machines called kerberos and indigo? Are they your >master and slave? If so, you are OK. I would also put a srvtab on the >master. > >> the docs say rcmd.HOSTNAME@REALM >> >> does that mean rcmd.indigo.awod.com@AWOD.COM ? > >No. rcmd.indigo@AWOD.COM, > >> krb.conf >> ---- >> AWOD.COM >> AWOD.COM moultrie.awod.com admin server >> AWOD.COM indigo.awod.com > >You have your rcmd.'s wrong. They should be (by above definition) be >rcmd.moultrie and rcmd.indigo. OK. I have a DNS CNAME entry of kerberos for moultrie, but I will change that my conf file to kerberos. >> krb.realms >> ---- >> AWOD.COM AWOD.COM >> .AWOD.COM AWOD.COM > >OK... > >> krb.slaves >> ---- >> indigo.awod.com > >??? Is this a file? I find no reference to it anywhere? I found that in documentation from indiana.edu http://browneyes.ucs.indiana.edu/subject/kerberos/krb.slaves.html >> this is the console message I receive when trying to propogate: >> >> moultrie# /usr/sbin/kdbupdate > ^^^^^^^^^ >What is this? #!/bin/sh /usr/sbin/kdb_util slave_dump /etc/kerberosIV/krb_update_dump /usr/sbin/kprop /etc/kerberosIV/krb_update_dump /etc/kerberosIV/krb.slaves >> Start slave propagation: Mon Feb 26 11:09:29 1996 >> indigo.awod.com: Generic kerberos error (kfailure). Calling krb_sendauth.ind >igo >> .awod.com: Generic kerberos error (kfailure). Calling krb_sendauth.indigo.aw >od. >> com: Generic kerberos error (kfailure). Calling krb_sendauth.indigo.awod.com >: G >> eneric kerberos error (kfailure). Calling krb_sendauth.indigo.awod.com: Gene >ric >> kerberos error (kfailure). Calling krb_sendauth.kprop: propagation failed. >> >> this is from the kerberos.log: >> >> 26-Feb-96 11:09:29 Initial ticket request Host: 198.81.225.2 User: "rcmd" "ke >rbe >> ros" >> 26-Feb-96 11:09:29 APPL Request rcmd.kerberos@AWOD.COM on 198.81.225.2 for rc >md. > >Hmm. I'll need to look at a bit more. Do your logs mention any other >(perhaps funny looking) pricipal.instance pairs? What other "Initial ticket >requests" are you getting? Those are the only one's being generated by these attempts. >Not being a kprop[d] user, I cannot offer you much specific advice about >that. How are you handling your master/slave servers without kprop? Is there some other means? Thanks again Ken >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1.5.4b11.32.19960226180750.0068c940>