[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Slave KDC

On 16 Aug 2004 09:25:20 -0400
Andrew Bacchi <bacchi@rpi.edu> wrote:

> On Sun, 2004-08-15 at 08:26, Keith Matthews wrote:
> > I have created a host entry for the slave. I have not set up
> > krb5.conf or krb.conf as the instructions imply one should not on
> > the slave.
> > 
> Have you extracted the host keytab and copied it to the slave as
> /etc/krb5.keytab?  You DO need krb5.conf on both master and slave.  

I have now - no effect. I've also set up krb5.conf - seems to be a
documentation issue there, certainly with the book.

I've tried kinit calls from the intended slave. Those are failing
"kinit: converting creds: Cannot contact any KDC for requested realm"
despite the request being logged by the master kdc. I thought it was a
firewall issue at first, but I've eliminated that now.

On examination of the kdc logs I've noticed that ticket requests come
from user/role@<domain><domain> which doesn't seem right. As yet I can't
work out what might be wrong though.

I'm beginning to wonder if it might just be an IPv6 issue, but that's
currently stretching credulity somewhat.