When i run spawn amandad via xinetd as root, i get this error.

Also, What keytab on the client needs to be read as root?

--Chad


On Jun 25, 2008, at 5:29 PM, Jean-Louis Martineau wrote:

xinetd must be configured to run amandad as root.

Jean-Louis

Chad Kotil wrote:

I am trying to setup krb5 auth on amanda 2.6.0p1. I built the server and client --with-krb5-security, added a new principal to my KDC (amandabackup@KERBEROS REALM), and wrote a keytab file and placed it on the server. It is locked down so only amandabackup (the user that runs amanda) can read it. The clients have a .k5amandahosts file containing the following:

amandabackup@KERBEROS REALM
backupmaster.f.q.d.n amandabackup@KERBEROS REALM

my amanda.conf file contains

krb5keytab      "/etc/amanda/krb5.keytab-amanda"
krb5principal   "amandabackup@KERBEROS REALM"


On both of my krb5 auth clients I am seeing this error:

1214425629.641678: amandad: critical (fatal): gss_server failed: real uid is 10036, needs to be 0 to read krb5 host key

10036 is the UID for amandabackup, 0 is the UID for root.

Both clients work fine if I just use bsdtcp auth. I am using ssh auth everywhere else but for these two particular hosts I cannot use ssh keys.

Any ideas?

Thanks,

--Chad

Chad E. Kotil
Global Research NOC
ckotil AT grnoc.iu DOT edu
Phone: 812 855-5288