
Re: Problem with kpasswd



Dr A V Le Blanc <LeBlanc@mcc.ac.uk> writes:
> The hostname is certainly in the DNS for forward and reverse lookup.
> (It's avl.mcc.ac.uk at 130.88.201.63.)  The krb5.conf does have
> in the realms section 'kdc = avl.mcc.ac.uk'; does it need a
> kpasswdd entry as well?

You need an `admin_server = avl.mcc.ac.uk' in your realm part, as
well.  If you have a cname kerberos.REALM it should also work.

> I'd also be interested in two other questions not included in
> the documentation, as far as I can see.  What do I need to get
> slave servers working; there is a little bit in the kerberos-4
> documentation, but almost nothing in heimdal.  Can I presume
> the operation is fairly similar?

Yes, it works the same way even if the details are somewhat
different.  You run `hprop' on the host you want to propagate from and
`hpropd' on the receiving host.  There are options to hprop for v4 and
ka databases.

> Second, I have compiled with the two 'experimental' options to
> enable-kaserver and enable-kaserver-db.  Do these work?

Yes, but you probably want 0.2o to be running these.  There are users
running a heimdal kdc and using klog et al to communicate with it.

> There isn't anything about them except the options on the command
> line, and it would be extremely useful if they worked.

Basically, you just enable kaserver support with `--kaserver' or
`enable_kaserver' in the [kdc] section in the configuration file and
it will listen on the ka-server port and serve these requests.

For fetching a kaserver database, `--ka-db' to hprop should be all
you need.

> I might even be moved to write a little documentation if I
> get it all working...

Documentation is certainly an area where there is room for
improvement.  If you do write anything, please send it to us.  We do
appreciate it a lot.

/assar
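
Added example, not part of the original message and not Heimdal code: a small check that reads a krb5.conf-style file and lists realms that name a `kdc' but no `admin_server', the gap behind the kpasswd problem discussed above. The realm names EXAMPLE.REALM and FIXED.REALM are placeholders, the sample file is constructed, and the parser handles only the simple one-level brace layout shown.

```python
import re

# Constructed sample krb5.conf. Realm names are placeholders; the host name
# is the one mentioned in the thread.
SAMPLE = """\
[libdefaults]
    default_realm = EXAMPLE.REALM

[realms]
    EXAMPLE.REALM = {
        kdc = avl.mcc.ac.uk
    }
    FIXED.REALM = {
        kdc = avl.mcc.ac.uk
        admin_server = avl.mcc.ac.uk
    }
"""

def parse_realms(text):
    """Return {realm: {key: [values]}} for the [realms] section (simple subset)."""
    realms, section, current = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        m = re.fullmatch(r"\[(\w+)\]", line)
        if m:                                     # new [section] header
            section, current = m.group(1), None
        elif section != "realms":                 # ignore other sections
            continue
        elif line == "}":                         # end of a realm block
            current = None
        elif line.endswith("{"):                  # "REALM = {" opens a block
            current = line.split("=", 1)[0].strip()
            realms[current] = {}
        elif current is not None and "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            realms[current].setdefault(key, []).append(value)
    return realms

def missing_admin_server(text):
    """Realms that set kdc but not admin_server, sorted by name."""
    return sorted(r for r, kv in parse_realms(text).items()
                  if "kdc" in kv and "admin_server" not in kv)

if __name__ == "__main__":
    for realm in missing_admin_server(SAMPLE):
        print(f"{realm}: kdc is set but admin_server is missing")
```

A realm flagged here may still work if a kerberos.REALM cname exists, as the reply notes; the check covers only what is written in the file.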