Propagation of Kerberos database fails

Kernels & Hardware, configuring network, installing services

Propagation of Kerberos database fails

Postby fauxxami » 2018-04-21 11:36

Good afternoon,

using a Kerberos master and a slave for quite some time, I had to realize yesterday that I have now a problem with the propagation of the master database to the slave. The error message is:

Code: Select all
kprop: Server rejected authentication (during sendauth exchange) while authenticating to server
kprop: Service key not available signalled from server
Error text from server: Service key not available


The Kerberos configuration was not modified and I didn't create new host principals for the two servers. On the master and on the slave, I can get a Kerberos ticket with 'kinit -k host/hostname@REALM' without using a password. With klist, I verified the tickets.

Any idea to solve this problem will be highly appreciated,

fauxxami

P.S.: Very strange: in contradiction to the error message above, the propagation seems to work. I just changed my password on the master, propagated the database and could log in on the slave with the NEW password.
fauxxami
 
Posts: 3
Joined: 2018-04-21 11:26

Re: Propagation of Kerberos database fails

Postby pylkko » 2018-04-22 15:09

have you tried:

https://web.mit.edu/kerberos/krb5-1.13/doc/admin/troubleshoot.html#kprop-sendauth-exchange wrote:kprop: Server rejected authentication (during sendauth exchange) while authenticating to server
Make sure that:

The time is synchronized between the master and slave KDCs.
The master stash file was copied from the master to the expected location on the slave.
The slave has a keytab file in the default location containing a host principal for the slave’s hostname
User avatar
pylkko
 
Posts: 1294
Joined: 2014-11-06 19:02

Re: Propagation of Kerberos database fails

Postby fauxxami » 2018-04-22 16:39

Yes, I did. Time is synchronized, the stash file is the same, and the system keytab file contains host/name_of_slave@REALM. I tested all this several times.
fauxxami
 
Posts: 3
Joined: 2018-04-21 11:26

Re: Propagation of Kerberos database fails

Postby fauxxami » 2018-04-22 17:37

The problem is finally solved: I had a problem with the nameserver on the slave. So krpopd was trying to use a wrong host principal. From now on, database propagation is working again.
fauxxami
 
Posts: 3
Joined: 2018-04-21 11:26


Return to System configuration

Who is online

Users browsing this forum: No registered users and 6 guests

fashionable