Amanda-Users

Re: krb5 auth problem

2008-06-25 18:08:30
Subject: Re: krb5 auth problem
From: Alan Pearson <alandpearson AT yahoo DOT com>
To: Chad Kotil <ckotil AT grnoc.iu DOT edu>
Date: Wed, 25 Jun 2008 22:06:21 +0100
Hi there,

We use this on 2.5.2.

On the client, amandad should be spawned by root (makes sense really, as it's the only user who can see all files :) )
Here's my xinetd.d/k5amandad file:

service k5amanda
{
    socket_type = stream
    protocol = tcp
    wait = no
    user = root
    group = backup
    server = /usr/libexec/amandad
    server_args = -auth=krb5
    disable = no
}


HTH,


---
AlanP


On 25 Jun 2008, at 21:45, Chad Kotil wrote:

I am trying to set up krb5 auth on amanda 2.6.0p1. I built the server and client --with-krb5-security, added a new principal to my KDC (amandabackup@KERBEROS REALM), and wrote a keytab file and placed it on the server. It is locked down so only amandabackup (the user that runs amanda) can read it. The clients have a .k5amandahosts file containing the following:

amandabackup@KERBEROS REALM
backupmaster.f.q.d.n amandabackup@KERBEROS REALM

My amanda.conf file contains:

krb5keytab      "/etc/amanda/krb5.keytab-amanda"
krb5principal   "amandabackup@KERBEROS REALM"


On both of my krb5 auth clients I am seeing this error:
1214425629.641678: amandad: critical (fatal): gss_server failed: real uid is 10036, needs to be 0 to read krb5 host key

10036 is the UID for amandabackup, 0 is the UID for root.

Both clients work fine if I just use bsdtcp auth. I am using ssh auth everywhere else but for these two particular hosts I cannot use ssh keys.

Any ideas?

Thanks,

--Chad
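
An added example, not part of the original thread or of Amanda itself: a small check that parses xinetd service stanzas and reports any amandad service started with -auth=krb5 under a non-root user, the condition behind the "real uid is 10036, needs to be 0" error above. The function names and the second stanza (k5amanda_nonroot) are constructed for illustration.

```python
# Constructed sample: the stanza from the reply (trimmed), plus a constructed
# variant whose user is amandabackup, i.e. amandad would not have real uid 0.
SAMPLE = """\
service k5amanda
{
    user = root
    group = backup
    server = /usr/libexec/amandad
    server_args = -auth=krb5
}
service k5amanda_nonroot
{
    user = amandabackup
    server = /usr/libexec/amandad
    server_args = -auth=krb5
}
"""

def parse_xinetd(text):
    """Return {service_name: {attribute: value}} for each service block."""
    services, name, attrs = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if attrs is None:
            parts = line.split()
            if len(parts) == 2 and parts[0] == "service":
                name = parts[1]
            elif line == "{" and name:
                attrs = {}
        elif line == "}":
            services[name] = attrs
            name, attrs = None, None
        else:
            key, _, value = line.partition("=")
            attrs[key.strip(" +-")] = value.strip()  # tolerate += and -=
    return services

def krb5_amandad_not_root(text):
    """List (service, user) for krb5 amandad services run as a non-root user."""
    bad = []
    for name, a in parse_xinetd(text).items():
        krb5 = "-auth=krb5" in a.get("server_args", "").split()
        user = a.get("user")
        # Assumption: a stanza with no "user" attribute is not flagged here.
        if a.get("server", "").endswith("/amandad") and krb5 and user not in (None, "root", "0"):
            bad.append((name, user))
    return bad
```

To use it on a client, pass the contents of the relevant file under xinetd.d to krb5_amandad_not_root(); an empty list means no krb5 amandad stanza names a non-root user.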


