Hi Greg,

Thanks a lot for such a great explanation.
I really appreciate all the effort.

Just a little more info on the 1st point, I cannot see any incoming connections in messages unless I do not start a kprop.

Mar 21 14:40:55 my-slave-host xinetd[22894]: xinetd Version 2.3.14 started with libwrap loadavg labeled-networking options compiled in.
Mar 21 14:40:55 my-slave-host xinetd[22894]: Started working: 0 available services
Mar 22 01:10:42 my-slave-host kpropd[24213]: Connection from my-master-host

Anything you could think of that I might have configured wrong?

Thanks,
Harman

On Sun, Mar 22, 2015 at 8:33 AM, Greg Hudson <[email protected]> wrote:

> On 03/21/2015 10:28 PM, HARMAN wrote:
> > I started xinetd service, and tried propagating database (without starting
> > kpropd, as I have not configured incremental propagation), and it gave me
> > an error:
> > kprop: Connection refused while connecting to server
> > I couldn't figure out what's wrong here.
>
> kpropd ought to be able to run out of inetd or a similar service if you
> aren't doing incremental propagation.
>
> > 2. Do we need to add Kerberos Administration Server (admin_server) for
> > slave KDC in krb5.conf? OR In other words, can we have more than one
> > admin_server properties configured in krb5.conf?
>
> Not presently. The kadmin client code currently only handles one server
> hostname.
>
> > 3. Can we start Kerberos Administration Server on a slave KDC machine, as
> > specified in MIT documentation?
>
> Yes, but it might not be a good idea--any changes made through a slave's
> kadmind service will be overwritten by the next propagation.
>
> > I tried starting Kerberos Administration Server (kadmind) on my new master
> > and I got an error:
> > Error. This appears to be a slave server, found kpropd.acl
>
> That error is coming from Red Hat's system scripts, not from kadmind
> itself.

--
HARMAN
________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
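
The xinetd log line `Started working: 0 available services` in the message above is consistent with the `Connection refused` from kprop, since xinetd is then listening for nothing. As an added example (not part of the original thread), this shell function reports whether a directory of xinetd service files holds an enabled stanza for a service. The stanza contents, the `/usr/sbin/kpropd` path and the helper names are assumptions constructed for illustration; `krb5_prop` is the conventional service name for kpropd's port.

```shell
#!/bin/sh
# Added example, not from the thread. Limitation: it ignores the "enabled"
# and "disabled" lists that an xinetd "defaults" section may carry.

# xinetd_service_state DIR SERVICE
# Prints "enabled", "disabled" or "missing"; returns 0 only for "enabled".
xinetd_service_state() {
    state=$(cat "$1"/* 2>/dev/null | awk -v svc="$2" '
        /^[ \t]*#/      { next }                    # comment line
        $1 == "service" { in_svc = ($2 == svc)      # start of a stanza
                          if (in_svc) { found = 1; off = 0 }
                          next }
        in_svc && $1 == "disable" && $2 == "=" { off = ($3 == "yes") }
        in_svc && $1 == "}" { if (!off) on = 1; in_svc = 0 }
        END { print (on ? "enabled" : (found ? "disabled" : "missing")) }
    ')
    echo "$state"
    [ "$state" = "enabled" ]
}

# write_sample DIR yes|no
# Writes a constructed stanza. The server path is an assumption; use the
# location of the kpropd binary on the host being checked.
write_sample() {
    cat > "$1/krb5_prop" <<EOF
# constructed sample, not taken from the thread
service krb5_prop
{
    disable     = $2
    socket_type = stream
    protocol    = tcp
    wait        = no
    user        = root
    server      = /usr/sbin/kpropd
}
EOF
}

tmp=$(mktemp -d)
write_sample "$tmp" yes
echo "switched off: $(xinetd_service_state "$tmp" krb5_prop)"
write_sample "$tmp" no
echo "switched on:  $(xinetd_service_state "$tmp" krb5_prop)"
rm -rf "$tmp"
```

On a real host the directory to pass is the one xinetd includes from its main configuration, and xinetd has to reload its configuration before a changed stanza takes effect.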
