pst@ack.Stanford.EDU (Paul Traina) (07/27/90)
Today I was trying to get a second kerberos server up, but I was having problems with kprop/kpropd. I'm using kerberos PL 9. First, kpropd had a bug where it wasn't bzero'ing sin and then setting the socket address was not set to INADDR_ANY, but that was easily fixed. (machine: sun4/110, sunos 4.0.3) Now it's time to create some mutual secrets, and I'm having trouble decoding keys. I created a service called "rcmd.kerberos" and placed a key for that service in the master machine's /etc/srvtab. One thing I had not done was set KRB_MASTER in /usr/include/krb.h to the real name of the master server (sigh), so building a srvtab was fun. :-) (actually, ksrvutil wins big here). I already had a rcmd.corniche key built for the slave server, so I added that to the master's /etc/srvtab. (This step, I believe, is a mistake). After a bit of playing arround, things still aren't working right. Here's what I see (on master): # kprop from_rocket slaves Start slave propagation: Thu Jul 26 15:18:48 1990 corniche: Generic kerberos error (kfailure). Calling krb_sendauth. (on slave) ***** kpropd started ***** 26-Jul-90 16:18:33 Established socket 26-Jul-90 16:18:48 Connection from rockets-tail.Stanford.EDU, 36.21.0.179 26-Jul-90 16:18:50 kpropd: Can't decode authenticator (krb_rd_req): Calling getk data 26-Jul-90 16:18:50 kpropd will pause before dying so as not to loop init (in kerberos.log) 26-Jul-90 15:18:49 Initial ticket request Host: 36.21.0.179 User: "rcmd" "kerber os" 26-Jul-90 15:18:49 APPL Request rcmd.kerberos@STANFORD.EDU on 36.21.0.179 for rc md.corniche So, what tickets should I be putting in each machine's srvtab? Does anyone have a document (or semi-document) on master/slave setup yet? -- I told the priest - don't count on any second coming. God got his ass kicked the first time he came down here slumming. He had the balls to come, the gall to die and then forgive us - No, I don't wonder what he thought it would get us. -- Prieboy