[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Master key and slave KDC [was: MIT master KDC -> Heimdal slave KDC replication]

On Wed, Mar 16, 2005 at 06:43:58PM -0600, Tillman Hodgson wrote:
> Should it be able to cope with policy information? If not, is there a
> better way to handle it other than running my dump through a pipe to
> filter out policy lines before hprop'ing them?

Grep'ing out the policy lines seems to be working well enough that I'm
not worried about it now.

However, I'm now running in a new problem. Here's a kinit to the new
Heimdal slave KDC:

$ kinit
tillman@SEEKINGFIRE.PRV's Password:
kinit: krb5_get_init_creds: Key size is incompatible with encryption type

That looks like a database master key problem. Is hprop/hpropd supposed
to handle that for me? I can't do the obvious trick of copying m-key
over because it's an MIT master ... the stash files appear to be
different internally (14 bytes versus 72, for example). If hprop doesn't
handle this, what's the best way for me to go about getting a valid
master key on the Heimdal slave KDC?


It used to be said [...] that AIX looks like one space alien discovered Unix,
and described it to another different space alien who then implemented
AIX. But their universal translators were broken and they'd had to gesture
a lot.
    - A.S.R. quote (Paul Tomblin)