[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Trouble with hprop



Hello all,

I've some trouble with hprop, maybe somebody can help!?

At a site we're trying switch the computers running as kerberos servers.
The idea is to replicate the database to the new machines and then make
the switch.

The old ones are two i486 running OpenBSD 2.9 with heimdal-0.3c,
compiled in the actual machine. The new ones are two Pentium II running
OpenBSD 3.1 with the heimdal-0.4e that comes with the dist.

On the slave (with heimdal-0.4e):
slave# /usr/libexec/hpropd
slave# Jul 11 14:58:30 kerberos-3 hpropd[15534]: krb5_recvauth: Decrypt
integrity check failed
Jul 11 14:58:30 kerberos-3 hpropd[15534]: krb5_recvauth: Decrypt
integrity check failed


On the master (with heimdal-0.3c):
master# /usr/heimdal/libexec/hprop kerberos-3.example.com
hprop: krb5_sendauth: Decrypt integrity check failed



I've been searching the net and the error seems connected to the keytab,
but I haven't been able to figure it out.

I'll appreciate any thoughts about this. Is there a better way to do the
upgrade?



Thanks in advance // Pär Aronsson



slave# ktutil list
FILE:/etc/kerberosV/krb5.keytab:

Vno  Type           Principal
  1  des-cbc-crc    hprop/kerberos-3.example.com@EXAMPLE.COM
  1  des-cbc-md4    hprop/kerberos-3.example.com@EXAMPLE.COM
  1  des-cbc-md5    hprop/kerberos-3.example.com@EXAMPLE.COM
  1  des3-cbc-sha1  hprop/kerberos-3.example.com@EXAMPLE.COM
  1  des-cbc-crc    host/kerberos-3.example.com@EXAMPLE.COM
  1  des-cbc-md4    host/kerberos-3.example.com@EXAMPLE.COM
  1  des-cbc-md5    host/kerberos-3.example.com@EXAMPLE.COM
  1  des3-cbc-sha1  host/kerberos-3.example.com@EXAMPLE.COM

ktutil: krb5_kt_start_seq_get krb4:/etc/kerberosIV/srvtab:
open(/etc/kerberosIV/srvtab): No such file or directory




master# /usr/heimdal/sbin/kadmin -l get \
hprop/kerberos-3.example.com@EXAMPLE.COM
               Principal: hprop/kerberos-3.example.com@EXAMPLE.COM
       Principal expires: never
        Password expires: never
    Last password change: never
         Max ticket life: 1 day
      Max renewable life: 1 week
                    Kvno: 1
                   Mkvno: 0
                  Policy: none
   Last successful login: never
       Last failed login: never
      Failed login count: 0
           Last modified: 2002-07-11 11:27:02 UTC
                Modifier: kadmin/admin@EXAMPLE.COM
              Attributes:
Keytypes(salttype[(salt-value)]): des-cbc-crc(pw-salt),
des-cbc-md4(pw-salt), des-cbc-md5(pw-salt), des3-cbc-sha1(pw-salt)

master# /usr/heimdal/sbin/kadmin -l get \
host/kerberos-3.example.com@EXAMPLE.COM
               Principal: host/kerberos-3.example.com@EXAMPLE.COM
       Principal expires: never
        Password expires: never
    Last password change: never
         Max ticket life: 1 day
      Max renewable life: 1 week
                    Kvno: 1
                   Mkvno: 0
                  Policy: none
   Last successful login: never
       Last failed login: never
      Failed login count: 0
           Last modified: 2002-07-11 11:26:24 UTC
                Modifier: kadmin/admin@EXAMPLE.COM
              Attributes:
Keytypes(salttype[(salt-value)]): des-cbc-crc(pw-salt),
des-cbc-md4(pw-salt), des-cbc-md5(pw-salt), des3-cbc-sha1(pw-salt)