SetupNewKrbServer82011-04-23 00:39:17ClintonEbadiRevert to revision 6.72011-04-23 00:26:2128.e6.85ae.static.theplanet.comkaZ8G6 <a href="http://jumjwemsqndy.com/">jumjwemsqndy</a>62011-04-22 23:13:39ClintonEbadiRevert to revision 4.52011-04-22 12:13:03host-1.219.om.nwlgcore.orgWith the bases leodad you struck us out with that answer!42010-11-29 08:27:07DavorOcelic32009-09-23 07:30:39DavorOcelic22009-09-23 07:28:51DavorOcelic12009-09-23 07:27:2778-2-84-198.adsl.net.t-com.hrNew Krb slave setupThere's not much work to do when setting up Kerberos slave server, but there are some caveats. The procedure is as follows: Setup krb client first as documented on SetupNewMachines Install krb5-kdc on the server Copy /etc/krb5kdc/kdc.conf from Hopper Edit /etc/krb5kdc/kpropd.acl on all master and slave machines to list all Krb servers Enable kpropd server in /etc/inetd.conf on the slave Then, attempt first database propagation from master server to new slave (the attempt will exit with an error because the database is not created on the slave server. And it shouldn't have to be, but it's currently a known bug in Krb -- or it may have been fixed in Krb 1.8, but see yourself): Then, on slave, go to /var/lib/krb5kdc/ and do the following to create the database: Remove all temporary files in there (rm *~*) Load database with kdb5_util load from_master Restart KDC /etc/init.d/krb5-kdc restart After that, retry kprop which should succeed. Finally, edit /afs/hcoop.net/common/etc/scripts/hcoop-kprop and add section which propagates database to new machine, then tail -f /var/log/syslog on the slave and expect messages like this: And, edit /afs/hcoop.net/user/h/hc/hcoop/.domtool/hcoop.net to add appropriate DNS entries for the new Krb server. To apply changes, cd into that .domtool directory and run DOMTOOL_USER=hcoop domtool hcoop.net.