Re: Slave KDC

[Keith Matthews <heimdal@frequentous.co.uk>]

On 16 Aug 2004 16:00:35 -0400
Andrew Bacchi <bacchi@rpi.edu> wrote:

> On Mon, 2004-08-16 at 14:45, Keith Matthews wrote:
> > On 16 Aug 2004 09:25:20 -0400
> > Andrew Bacchi <bacchi@rpi.edu> wrote:
> 
> > 
> > On examination of the kdc logs I've noticed that ticket requests
> > come from user/role@<domain><domain> which doesn't seem right. As
> > yet I can't work out what might be wrong though.
> 
> Is the hostname of the slave FQDN?  Are you using a short name in
> /etc/hosts?  If so change it.
> 

It has been the whole time.

> Can you propagate the DB to the slave?
> 

How do you mean ? thought that was was the ktutil call was doing ? I
eventually copied it across NFS. That seems to have made problems go
away.

> Do you have both master and slave kdc in the krb5.conf on both
> servers? Use the same krb5.conf on all machines.
> 
> [realms]
>         RPI.EDU = {
>                 kdc = kerberos1.rpi.edu
>                 kdc = kerberos2.rpi.edu
>                 admin_server = kerberos1.rpi.edu
>                 default_domain = rpi.edu
>         }
> [domain_realm]
>         .rpi.edu = RPI.EDU
> 

Didn't have the slave in the copy on the slave. Also spotted a minor
syntax problem in defining the realm.  Seems now to be working.

Thanks.