Re: iprop problem

["Henry B. Hotz" <hotz@jpl.nasa.gov>]

On Oct 29, 2006, at 3:30 AM, Juha Jäykkä wrote:

> Hi!
>
> I recently added a slave KDC to our realm. All KDC's run 0.7.2 on
> Debian/stable/i386, except this new one, which runs 0.7.2 on
> Debian/etch/x86_64. Now, when iprop tries to sync the db of the new
> slave, all I get it a *tremendous* number of these:
>
> kadm5_log_replay: <db version>: Decrypt integrity check failed
>
> I am quite certain the slave has the correct key in its keytab, but  
> this
> still occurs. Is there some 64-bitness problem somewhere or have I  
> just
> managed to mess up with the keys several times over? (And if I  
> have, how
> do I get the correct key in place; I even removed the whole iprop
> principal, recreated it and kadmin ext'ed the key to the new slave.  
> Can
> that go wrong in any concievable way?)

Don't know about 64-bit issues, but seems like it should be OK.  You  
can check it with kinit --keytab=/var/heimdal/<iprop-keytab> iprop/ 
<machine>.

I suggest you delete the relevant files from /var/heimdal (excepting  
the keytab that I assume you put there), and start from scratch.   
Could you give us a step-by-step of what you're trying and when it  
fails?

------------------------------------------------------------------------ 
----
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu