[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Slave KDC

To: "heimdal-discuss@sics.se" <heimdal-discuss@sics.se>
Subject: Re: Slave KDC
From: Keith Matthews <heimdal@frequentous.co.uk>
Date: Mon, 16 Aug 2004 19:45:44 +0100
In-Reply-To: <1092662720.32052.4.camel@boreal.netel.rpi.edu>
Organization: Frequentous Consultants Ltd
References: <20040815132642.10b8a988.heimdal@frequentous.co.uk><1092662720.32052.4.camel@boreal.netel.rpi.edu>
Sender: owner-heimdal-discuss@sics.se

On 16 Aug 2004 09:25:20 -0400
Andrew Bacchi <bacchi@rpi.edu> wrote:

> On Sun, 2004-08-15 at 08:26, Keith Matthews wrote:
> 
> > I have created a host entry for the slave. I have not set up
> > krb5.conf or krb.conf as the instructions imply one should not on
> > the slave.
> > 
> 
> Have you extracted the host keytab and copied it to the slave as
> /etc/krb5.keytab?  You DO need krb5.conf on both master and slave.  
> 
> 

I have now - no effect. I've also set up krb5.conf - seems to be a
documentation issue there, certainly with the book.

I've tried kinit calls from the intended slave. Those are failing
"kinit: converting creds: Cannot contact any KDC for requested realm"
despite the request being logged by the master kdc. I thought it was a
firewall issue at first, but I've eliminated that now.

On examination of the kdc logs I've noticed that ticket requests come
from user/role@<domain><domain> which doesn't seem right. As yet I can't
work out what might be wrong though.

I'm beginning to wonder if it might just be an IPv6 issue, but that's
currently stretching credulity somewhat.

Follow-Ups:
- Re: Slave KDC
  - From: Andrew Bacchi <bacchi@rpi.edu>

References:
- Slave KDC
  - From: Keith Matthews <heimdal@frequentous.co.uk>
- Re: Slave KDC
  - From: Andrew Bacchi <bacchi@rpi.edu>

Prev by Date: Segmentation fault on creating Heimdal database
Next by Date: Re: Slave KDC
Prev by thread: Re: Slave KDC
Next by thread: Re: Slave KDC
Index(es):
- Date
- Thread