[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Slave KDC

To: Keith Matthews <heimdal@frequentous.co.uk>
Subject: Re: Slave KDC
From: Andrew Bacchi <bacchi@rpi.edu>
Date: 16 Aug 2004 16:00:35 -0400
Cc: "heimdal-discuss@sics.se" <heimdal-discuss@sics.se>
In-Reply-To: <20040816194544.4cf9c94e.heimdal@frequentous.co.uk>
References: <20040815132642.10b8a988.heimdal@frequentous.co.uk><1092662720.32052.4.camel@boreal.netel.rpi.edu> <20040816194544.4cf9c94e.heimdal@frequentous.co.uk>
Sender: owner-heimdal-discuss@sics.se

On Mon, 2004-08-16 at 14:45, Keith Matthews wrote:
> On 16 Aug 2004 09:25:20 -0400
> Andrew Bacchi <bacchi@rpi.edu> wrote:

> 
> On examination of the kdc logs I've noticed that ticket requests come
> from user/role@<domain><domain> which doesn't seem right. As yet I can't
> work out what might be wrong though.

Is the hostname of the slave FQDN?  Are you using a short name in
/etc/hosts?  If so change it.

Can you propagate the DB to the slave?

Do you have both master and slave kdc in the krb5.conf on both servers? 
Use the same krb5.conf on all machines.

[realms]
        RPI.EDU = {
                kdc = kerberos1.rpi.edu
                kdc = kerberos2.rpi.edu
                admin_server = kerberos1.rpi.edu
                default_domain = rpi.edu
        }
[domain_realm]
        .rpi.edu = RPI.EDU


-- 
Facade: Provide a unified interface to a set of interfaces in a
subsystem.

Andrew Bacchi
Staff Systems Programmer
Rensselaer Polytechnic Institute
phone: 518 276-6415  fax: 518 276-2809

http://www.rpi.edu/~bacchi/

Follow-Ups:
- Re: Slave KDC
  - From: Keith Matthews <heimdal@frequentous.co.uk>

References:
- Slave KDC
  - From: Keith Matthews <heimdal@frequentous.co.uk>
- Re: Slave KDC
  - From: Andrew Bacchi <bacchi@rpi.edu>
- Re: Slave KDC
  - From: Keith Matthews <heimdal@frequentous.co.uk>

Prev by Date: Re: Slave KDC
Next by Date: How-to for Heimdal/Openldap
Prev by thread: Re: Slave KDC
Next by thread: Re: Slave KDC
Index(es):
- Date
- Thread