Managing Kerberos and Other Authentication Services in Oracle® Solaris 11.2

Exit Print View

Updated: August 2014

Problems Propagating the Kerberos Database

If propagating the Kerberos database fails, try /usr/bin/rlogin -x between the slave KDC and master KDC, and from the master KDC to the slave KDC server.

If the KDCs are secure by default, then the rlogin command is disabled and cannot be used to troubleshoot this problem. To enable rlogin on a KDC, you must enable the eklogin service.

# svcadm enable svc:/network/login:eklogin

After you finish troubleshooting the problem, disable the eklogin service.

# svcadm disable svc:/network/login:eklogin

If remote access does not work, problems are likely due to the keytab files on the KDCs. If remote access does work, the problem is not in the keytab file or the name service, because rlogin and the propagation software use the same host/host-name principal. In this case, make sure that the kpropd.acl file is correct.