iprop

[matt f <thefowle@wam.umd.edu>]

when i run ipropd-slave (all 0.6-8 Debian), it just fails out leaving 
not but some residue in auth.log.  hprop works fine, ipropd-master seems 
to be running ok.  the slave itself seems fine: i can unplug the slave, 
get a ticket on the slave, plug the machine back in and have that ticket 
work universally.  but incremental propogation just isnt working:

slave's auth.log:
ipropd-slave[14881]: krb5_sendauth: Matching credential not found

or sometimes a
ipropd-slave[15715]: krb5_get_init_creds: Decrypt integrity check failed
when i'm throwing keytabs around like a moron

i also get the following from the master, not sure if its an err or not:
master's auth.log
ipropd-master[7797]: krb5_recvauth: End of file
master's kdc.log:
AS-REQ iprop/lucildor.alienintels.com@ALIENINTELS.COM from 
IPv4:69.17.65.163 for iprop/alienintels.com@ALIENINTELS.COM


Its my understanding that all I SHOULD need is:
1. /var/heimdal/slaves (or, being debian distro, 
/var/lib/heimdal/slaves) for my slave: 
iprop/lucildor.alienintels.com@ALIENINTELS.COM
2. port 2121 open to iprop in /etc/services
3. iprop/hostname on each respective host, gotten from ktutil get from 
the master.

i've also had each host do a ktutil get host/'hostname' too (under most 
testing cases).

i'm pretty sure my m-keys match up... first i copied m-key directly 
system to system.  after getting above problems i started over and i ran 
kstash on both systems independantly with the same passwd to the same 
effect.

i've been moving stuff madly into and out of keytabs but i just dont get 
it.  i just dont know.  :-/  i've been adding and remvoing anything i 
thought might help: kadmin/iprop even though i found no mentions of such 
a privledge anywhere just in sheer desperation.


any help?  i'm dying here... :-/
matt