[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Problem with kpasswd
Dr A V Le Blanc <LeBlanc@mcc.ac.uk> writes:
> The hostname is certainly in the DNS for forward and reverse lookup.
> (It's avl.mcc.ac.uk at 126.96.36.199.) The krb5.conf does have
> in the realms section 'kdc = avl.mcc.ac.uk'; does it need a
> kpasswdd entry as well?
You need a `admin_server = avl.mcc.ac.uk' in your realm part, as
well. If you have a cname kerberos.REALM it should also work.
> I'd also be interested in two other questions not included in
> the documentation, as far as I can see. What do I need to get
> slave servers working; there is a little bit in the kerberos-4
> documentation, but almost nothing in heimdal. Can I presume
> the operation is fairly similar?
Yes, it works the same way even if the details are somewhat
different. You run `hprop' on the host you want to propagate from and
`hpropd' on the receiving host. There are options to hprop for v4 and
> Second, I have compiled with the two 'experimental' options to
> enable-kaserver and enable-kaserver-db. Do these work?
Yes, but you probably want 0.2o to be running these. There are users
running an heimdal kdc and using klog et al to communicate with it.
> There isn't anything about them except the options on the command
> line, and it would be extremely useful if they worked.
Basically, you just enable kaserver support with `--kaserver' or
`enable_kaserver' in the [kdc] section in the configuration file and
it will listen on the ka-server port and serve these requests.
For fetching an kaserver database, `--ka-db' to hprop should be all
> I might even be moved to write a little documentation if I
> get it all working...
Documentation is certainly an area where there is room for
improvement. If you do write anything, please send it to us. We do
appriate it a lot.