Description of problem: Bug 442879 brings different way, how to create the slave database. The rest is repast from my comment in original bug ( https://bugzilla.redhat.com/show_bug.cgi?id=442879#c16 ) "Found problems in architecture dependent stash file. When copying from one arch to another. This script provided by dev can workaround it by changing first bits of the file. Tested on several architectures." Version-Release number of selected component (if applicable): krb5-1.6.1-36.el5 How reproducible: Always on different archs Steps to Reproduce: 1. Set up a KDC database and host keytab for the master if it doesn't already have one. 2. Create a host keytab for the slave. You can do this on the master (primary) KDC 3.'scp' /tmp/krb5.keytab.slave to $slavefqdn:/etc/krb5.keytab, and /var/kerberos/krb5kdc/.k5* to $slavefqdn:/var/kerberos/krb5kdc. 4. On the slave (secondary) KDC, set up the ACLs so that a remote connection to the kprop service running on the slave made by the master KDC's 'host' principal will be allowed 5. Start the kpropd service on the slave and create dump and replicate the db from the master to slave 6. Start kerveros KDC service Actual results: KDC will not start Expected results: KDC will start Additional info: As workaround can be used script included in https://bugzilla.redhat.com/show_bug.cgi?id=442879 - which will recode the stash file.
Created attachment 355855 [details] candidate patch
Release note added. If any revisions are required, please set the "requires_release_notes" flag to "?" and edit the "Release Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. New Contents: The format of the stash file, while not architecture-specific, is endian-specific, in that a stash file is not directly portable between big-endian and little-endian systems. When setting up a secondary KDC whose endianness differs from that of the master KDC, the stash file should be recreated by running 'kdb5_util create -s' on the secondary and supplying the original master password. In future releases, the format of this file will be that of a keytab file, and this will not be an issue.
Release note updated. If any revisions are required, please set the "requires_release_notes" flag to "?" and edit the "Release Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. Diffed Contents: @@ -1,7 +1,6 @@ -The format of the stash file, while not architecture-specific, is -endian-specific, in that a stash file is not directly portable between -big-endian and little-endian systems. When setting up a secondary KDC whose +The format of a stash file, while not architecture-specific, is +endian-specific. Consequently, a stash file is not directly portable between +big-endian and little-endian systems. When setting up a secondary KDC where the endianness differs from that of the master KDC, the stash file should be recreated by running 'kdb5_util create -s' on the secondary and supplying the -original master password. In future releases, the format of this file will be +original master password.-that of a keytab file, and this will not be an issue.
This request was evaluated by Red Hat Product Management for inclusion, but this component is not scheduled to be updated in the current Red Hat Enterprise Linux release. If you would like this request to be reviewed for the next minor release, ask your support representative to set the next rhel-x.y flag to "?".
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2011-0098.html