If propagating the Kerberos database fails, try running /usr/krb5/bin/rlogin -x from the slave KDC to the master KDC, and vice versa.
If the KDCs have been set up to restrict access, rlogin is disabled and cannot be used to troubleshoot this problem. To enable rlogin on a KDC, you must uncomment the eklogin entry in the /etc/inetd.conf file and restart inetd, as follows:
    # ps -eaf | grep inetd      (displays the process ID of inetd)
    # kill -1 pid_of_inetd
After you finish troubleshooting the problem, you need to change the inetd.conf file back to its original state and restart inetd again.
If rlogin does not work, the problem is likely in the keytabs on the KDCs. If rlogin does work, the problem is not in the keytab or the name service, because rlogin and the propagation software use the same host/host_name principal. In this case, make sure that the kpropd.acl file is correct.
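
The two follow-up checks above (eklogin commented out again after troubleshooting, and kpropd.acl listing the KDC host principals) can be scripted. This is an added example, not part of the original documentation. It assumes kpropd.acl holds one principal per line; the file paths are arguments, and the example.com principals, /path/to/rlogind and ARGS are constructed placeholders.

```sh
#!/bin/sh
# Added example, not from the original page. Sample files below are constructed.

# eklogin_enabled FILE: succeeds if FILE contains an uncommented eklogin entry.
eklogin_enabled() {
    awk '$1 == "eklogin" { found = 1 } END { exit !found }' "$1"
}

# acl_missing FILE PRINCIPAL...: prints every PRINCIPAL with no matching line
# in FILE. Assumes one principal per line; surrounding whitespace is ignored.
acl_missing() {
    acl=$1; shift
    for p in "$@"; do
        awk -v p="$p" '$1 == p { f = 1 } END { exit !f }' "$acl" ||
            printf '%s\n' "$p"
    done
}

# Demo on constructed files: eklogin left enabled, slave principal missing.
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/inetd.conf" <<'EOF'
eklogin  stream tcp nowait root /path/to/rlogind rlogind ARGS
EOF
    cat > "$d/kpropd.acl" <<'EOF'
host/kdc1.example.com@EXAMPLE.COM
EOF
    if eklogin_enabled "$d/inetd.conf"; then
        echo "WARNING: eklogin still enabled; comment it out and restart inetd"
    fi
    for m in $(acl_missing "$d/kpropd.acl" \
            host/kdc1.example.com@EXAMPLE.COM host/kdc2.example.com@EXAMPLE.COM); do
        echo "MISSING from kpropd.acl: $m"
    done
    rm -rf "$d"
}
demo
```

On a real KDC, call the two functions with the actual inetd.conf and kpropd.acl paths and the host principals of your own master and slave KDCs.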