kpropd on non-default port

kpropd on non-default port

Yegui Cai
Hi community.
I am trying to deploy a master and a slave KDC. Due to regulations, I need
to run everything on unprivileged ports. I have done everything except for
kpropd which by default runs on 754. When I launched kpropd on port, say,
3754, database propagation did not happen. I did try running kproplog to
check - the master node shows some changes but it is not reflected on the
slave node. The initial kprop -P 3754 command did succeed though.

Can you please point me somewhere for troubleshooting? Thanks in advance!
Yegui
________________________________________________
Kerberos mailing list           [hidden email]
https://mailman.mit.edu/mailman/listinfo/kerberos

Re: kpropd on non-default port

Greg Hudson
On 7/15/19 8:59 AM, Yegui Cai wrote:
> I am trying to deploy a master and a slave KDC. Due to regulations, I need
> to run everything on unprivileged ports. I have done everything except for
> kpropd which by default runs on 754. When I launched kpropd on port, say,
> 3754, database propagation did not happen. I did try running kproplog to
> check - the master node shows some changes but it is not reflected on the
> slave node. The initial kprop -P 3754 command did succeed though.

For full database propagation, kadmind on the master KDC needs to know
what port to connect to on the replica KDC.  This port number can be
specified via the kadmind "-k portnum" option (new in release 1.15) or
by setting the KPROP_PORT environment variable.

kpropd on the replica KDC also needs to know what port to contact in
order to request updates from kadmind on the master KDC.  The iprop_port
relation needs to be present in the appropriate [realms] subsection on
both the master and replica KDCs.  (In 1.15, iprop_listen may be used
instead on the master KDC.)
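
An added example, not part of the thread or of MIT krb5: a small Python check of the port settings the reply above names (kadmind `-k`, kpropd `-P`, and `iprop_port` in the `[realms]` subsection on both KDCs). The configuration text, realm name and port values are constructed, the function names are hypothetical, and the parser handles only simple `[realms]` subsections.

```python
import re
# Constructed sample configs (not from the thread); realm and ports are placeholders.
MASTER_CONF = """
[realms]
    EXAMPLE.COM = {
        iprop_enable = true
        iprop_port = 3755
    }
"""
REPLICA_CONF = """
[realms]
    EXAMPLE.COM = {
        # iprop_port = 3755
    }
"""

def realm_relations(conf_text, realm):
    """Return the relations of the [realms] subsection for `realm` as a dict."""
    section, current, found = None, None, {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section, current = header.group(1), None
        elif line == "}":
            current = None
        elif "=" in line and line[0] not in "#;":  # skip commented-out relations
            key, value = (part.strip() for part in line.split("=", 1))
            if value == "{":
                current = key  # start of a subsection such as a realm
            elif section == "realms" and current == realm:
                found[key] = value
    return found

def check_propagation_ports(master_conf, replica_conf, realm, kadmind_k, kpropd_p):
    """List mismatches between the port settings named in the reply above."""
    problems, iprop = [], {}
    for role, text in (("master", master_conf), ("replica", replica_conf)):
        rel = realm_relations(text, realm)
        if "iprop_port" in rel:
            iprop[role] = int(rel["iprop_port"])
        elif not (role == "master" and "iprop_listen" in rel):
            problems.append(f"{role}: iprop_port missing for {realm}")
    if len(set(iprop.values())) > 1:
        problems.append(f"iprop_port differs between KDCs: {iprop}")
    if kadmind_k != kpropd_p:
        problems.append(f"kadmind -k {kadmind_k} does not match kpropd -P {kpropd_p}")
    low = sorted(p for p in {*iprop.values(), kadmind_k, kpropd_p} if p < 1024)
    return problems + [f"port {p} is privileged (below 1024)" for p in low]
```

An empty list means the settings agree; `kadmind_k` and `kpropd_p` are the values passed on each daemon's command line.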