Propagation of Kerberos database fails

[fauxxami]

Good afternoon,

using a Kerberos master and a slave for quite some time, I had to realize yesterday that I have now a problem with the propagation of the master database to the slave. The error message is:

Code: Select all

kprop: Server rejected authentication (during sendauth exchange) while authenticating to server
kprop: Service key not available signalled from server
Error text from server: Service key not available

The Kerberos configuration was not modified and I didn't create new host principals for the two servers. On the master and on the slave, I can get a Kerberos ticket with 'kinit -k host/hostname@REALM' without using a password. With klist, I verified the tickets.

Any idea to solve this problem will be highly appreciated,

fauxxami

P.S.: Very strange: in contradiction to the error message above, the propagation seems to work. I just changed my password on the master, propagated the database and could log in on the slave with the NEW password.

[pylkko]

have you tried:

kprop: Server rejected authentication (during sendauth exchange) while authenticating to server
Make sure that:

The time is synchronized between the master and slave KDCs.
The master stash file was copied from the master to the expected location on the slave.
The slave has a keytab file in the default location containing a host principal for the slave’s hostname

[fauxxami]

Yes, I did. Time is synchronized, the stash file is the same, and the system keytab file contains host/name_of_slave@REALM. I tested all this several times.

[fauxxami]

The problem is finally solved: I had a problem with the nameserver on the slave. So krpopd was trying to use a wrong host principal. From now on, database propagation is working again.