PDA

View Full Version : kerberos kprop error



kmcarthu
1st February 2011, 05:43 PM
I am setting up a kerberos secondary server for the first time.

When trying a manual "sudo kprop -f slave_datatrans slave.example.com" I receive the following error.

/usr/kerberos/sbin/kprop: Server rejected authentication (during sendauth exchange) while authenticating to server
Generic remote error: Wrong principal in request

All documentation points me to the fact that my krb5.keytab or stash file do not exist on the slave, however, I have sftp both files from the primary to the slave.

Here are the steps I have taken to set up the propagation (I followed redhat 5 documentation 43.6.8)

- kdc is up and running on primary.example.com
- principals host/primary.example.com@EMAMPLE.COM and host/slave.example.com@EXAMPLE.COM are created and are in the krb5.keytab
- krb5.conf and kdc.conf were sftp to the slave
- both principals are in kpropd.acl on the slave
- kdb5_util dump runs correctly on the primary
- firewall port 754 was opened on the slave (for primary only)

Could someone point me to documentation that would help me?
Thank you.
Karen McArthur
Bates College, Lewiston, ME
kmcarthu@bates.edu