New Krb slave setup
There's not much work to do when setting up Kerberos slave server, but there are some caveats. The procedure is as follows:
Setup krb client first as documented on SetupNewMachines
- Install krb5-kdc on the server
- Copy /etc/krb5kdc/kdc.conf from Hopper
- Edit /etc/krb5kdc/kpropd.acl on all master and slave machines to list all Krb servers
- Enable kpropd server in /etc/inetd.conf on the slave
Then, attempt first database propagation from master server to new slave (the attempt will exit with an error because the database is not created on the slave server. And it shouldn't have to be, but it's currently a known bug in Krb):
kdb5_util dump /var/lib/krb5kdc/slave_datatrans kprop NEWMACHINE.hcoop.net
Then, on slave, go to /var/lib/krb5kdc/ and do the following to create the database:
Remove all temporary files in there (rm *~*)
Load database with kdb5_util load from_master
Restart KDC /etc/init.d/krb5-kdc restart
After that, retry kprop which should succeed.
Finally, edit /afs/hcoop.net/common/etc/scripts/hcoop-kprop and add section which propagates database to new machine, then tail -f /var/log/syslog on the slave and expect messages like this:
Sep 23 07:24:01 hopper kpropd[22567]: Connection from deleuze.hcoop.net Sep 23 07:25:01 hopper kpropd[22569]: Connection from deleuze.hcoop.net Sep 23 07:26:01 hopper kpropd[22571]: Connection from deleuze.hcoop.net