Re: krb5 auth problem
2008-06-25 18:08:30
Hi there,
We use this on 2.5.2.
On the client, amandad should be spawned by root (makes sense really,
as it's the only user who can see all files :) )
Here's my xinetd.d/k5amandad file:

service k5amanda
{
        socket_type     = stream
        protocol        = tcp
        wait            = no
        user            = root
        group           = backup
        server          = /usr/libexec/amandad
        server_args     = -auth=krb5
        disable         = no
}

HTH,
---
AlanP
On 25 Jun 2008, at 21:45, Chad Kotil wrote:
I am trying to set up krb5 auth on amanda 2.6.0p1. I built the server
and client --with-krb5-security, added a new principal to my KDC
(amandabackup@KERBEROS REALM), and wrote a keytab file and placed it
on the server. It is locked down so only amandabackup (the user that
runs amanda) can read it. The clients have a .k5amandahosts file
containing the following:
amandabackup@KERBEROS REALM
backupmaster.f.q.d.n amandabackup@KERBEROS REALM
my amanda.conf file contains
krb5keytab "/etc/amanda/krb5.keytab-amanda"
krb5principal "amandabackup@KERBEROS REALM"
On both of my krb5 auth clients I am seeing this error:
1214425629.641678: amandad: critical (fatal): gss_server failed:
real uid is 10036, needs to be 0 to read krb5 host key
10036 is the UID for amandabackup, 0 is the UID for root.
Both clients work fine if I just use bsdtcp auth. I am using ssh
auth everywhere else but for these two particular hosts I cannot use
ssh keys.
Any ideas?
Thanks,
--Chad
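
Added example (not part of either message and not Amanda project code): a small Python check that parses an xinetd stanza and flags the condition discussed in this thread, amandad started with -auth=krb5 under a non-root user, and pulls the offending uid out of the error line. The function names, the sample stanza and the sample log line are constructed for illustration.

```python
import re

# Constructed sample: the reply's stanza (abridged), but run as the backup user.
SAMPLE_STANZA = """\
service k5amanda
{
    wait        = no
    user        = amandabackup
    server      = /usr/libexec/amandad
    server_args = -auth=krb5
    disable     = no
}
"""
# Constructed log line, built from the error quoted in the thread.
SAMPLE_LOG = ("1214425629.641678: amandad: critical (fatal): gss_server failed: "
              "real uid is 10036, needs to be 0 to read krb5 host key\n")

def parse_xinetd(text):
    """Return {service: {attribute: value}} for each xinetd service stanza."""
    services, pending, current = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("service") and len(line.split()) == 2:
            pending = line.split()[1]
        elif line == "{" and pending:
            current, pending = services.setdefault(pending, {}), None
        elif line == "}":
            current = None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)   # split once: values may contain '='
            current[key.strip()] = value.strip()
    return services

def krb5_findings(text):
    """Flag enabled stanzas that start amandad -auth=krb5 as a non-root user."""
    findings = []
    for name, attrs in parse_xinetd(text).items():
        krb5 = "-auth=krb5" in attrs.get("server_args", "").split()
        user = attrs.get("user", "<unset>")
        if krb5 and attrs.get("disable") != "yes" and user != "root":
            findings.append(f"{name}: user = {user}, amandad cannot read the krb5 host key")
    return findings

def failing_uids(log_text):
    """Extract the real uid from each 'needs to be 0' error in amandad's log."""
    pattern = r"real uid is (\d+), needs to be 0 to read krb5 host key"
    return [int(uid) for uid in re.findall(pattern, log_text)]
```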