kprop: Key table entry not found while getting initial credentials

Mon, 08 Aug 2016 19:26:18 -0700 

HI ALL,

I try to config master/slave KDC, when I execute “kprop -f slave_datatrans 
ip-10-21-14-33.envisioncn.com”, an error popup “kprop: Key table entry not 
found while getting initial credentials”.

I checked principal in database, checked “klist -k krb5.keytab“, checked the 
kadmin5.acl and kpropd.acl, All of these can find 
“host/ip-10-21-14-33.envisioncn.com”. And I still config the 
“host/ip-10-21-14-33.envisioncn.com” in “10.21.14.33”.

I still configed the xinetd


service kpropd

{

# This is for quick on or off of the service

        disable         = no



# The next attributes are mandatory for all services

        id              = krb5_prop

        type            = UNLISTED

        wait            = no

        socket_type     = stream

#       protocol        = socket type is usually enough



# External services must fill out the following

        user            = root

#       group           =

        server          = /usr/local/sbin/kpropd

#   server_args     = kpropd


But it didn’t work.

So I try to add “kiprop/ ip-10-21-14-33.envisioncn.com” in kadmin database and 
keytab(master/slave both),

It didn’t work.

Q1: What happened? What kprop do? I only know it would connect to 
“ip-10-21-14-33.envisioncn.com”’s kpropd process and sync database, what step 
it would do before connect to slave kdc?

Q2:What means “key table” ? Is that “keytab”

Q3:What means “credentials” ? Is that “tgt”?


All My operations follow this guide 
“http://web.mit.edu/kerberos/krb5-1.14/doc/admin/install_kdc.html”

Thx

Beat Regards
________________________________________
Chuanjie Duan
Mail:chuanjie.d...@envisioncn.com<mailto:chuanjie.d...@envisioncn.com>




本邮件(包括任何附件)内容机密并受法律保护。如果您意外地收到这封邮件,请回复通知发件人并从当前系统中删除本邮件。任何未经授权者,严禁使用并部分或者全部的转发本条信息。任何未经授权的使用或传播都是被严格禁止的。远景能源与其分公司不对因不正确和不完整的转发此邮件包含的信息以及因任何因邮件延迟或对你的系统造成的损害而负责。远景能源不能保证此邮件的真实完整性,也不能确定此邮件是否含有病毒或者监听程序。
This email message (including any attachments) is confidential and may be 
legally privileged. If you have received it by mistake, please notify the 
sender by return email and delete this message from your system. Any 
unauthorized use or dissemination of this message in whole or in part is 
strictly prohibited. Envision Energy Limited and all its subsidiaries shall not 
be liable for the improper or incomplete transmission of the information 
contained in this email nor for any delay in its receipt or damage to your 
system. Envision Energy Limited does not guarantee the integrity of this email 
message, nor that this email message is free of viruses, interceptions, or 
interference.
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos

Reply via email to