Rocksolid Light

Welcome to novaBBS (click a section below)

mail  files  register  newsreader  groups  login

Message-ID:  

Real Users are afraid they'll break the machine -- but they're never afraid to break your face.

devel / comp.protocols.kerberos / How to view KVNO on slave

SubjectAuthor
o How to view KVNO on slaveMike

1
How to view KVNO on slave

<mailman.0.1696673931.2263420.kerberos@mit.edu>

  copy mid

https://www.novabbs.com/devel/article-flat.php?id=376&group=comp.protocols.kerberos#376

  copy link   Newsgroups: comp.protocols.kerberos
Path: i2pn2.org!i2pn.org!weretis.net!feeder6.news.weretis.net!tncsrv06.tnetconsulting.net!.POSTED.mailman.mit.edu!not-for-mail
From: kerbe...@norgie.net (Mike)
Newsgroups: comp.protocols.kerberos
Subject: How to view KVNO on slave
Date: Sat, 7 Oct 2023 11:18:32 +0100
Organization: TNet Consulting
Lines: 39
Message-ID: <mailman.0.1696673931.2263420.kerberos@mit.edu>
References: <ZSEweGP8vOXerlCH@lightning.iz.norgie.net>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
protocol="application/pgp-signature"; boundary="oFqk/5IsNwmvhtQ5"
Injection-Info: tncsrv06.tnetconsulting.net; posting-host="mailman.mit.edu:18.7.21.50";
logging-data="18341"; mail-complaints-to="newsmaster@tnetconsulting.net"
To: kerberos@mit.edu
Authentication-Results: mit.edu;
dmarc=fail (p=reject dis=none) header.from=norgie.net
Authentication-Results: mit.edu; arc=fail smtp.remote-ip=18.7.73.16
ARC-Seal: i=2; a=rsa-sha256; d=mit.edu; s=arc; t=1696673926; cv=fail;
b=HZ9eBrJGN4cHipYtDnFNONpfi9FM4xBiHzE3AAYHn+Y7IaBO/iAv18/7GGGZSkd+oyu2AIWfAbxe4uyCj25KVNCwWVXC5/rfX21VJtcUquojZnLZzmyCDFO+xhpOgE+W/tVoRw9azVosPD8i4GfqOtPLIXjIp7AQzA4hs0jjpKFbm5MvTyNwykiVLELQo2W5Df7ziP7YibfXLm44xEE6vSbyEw1Gf9omfQcgibHUg+ojQkHTYFVzVAREIjlEb2yaSkvrvfGffbYqCftazL7/b+kGZV0+MWu+2sbxsNbgwiOxovWRrOTX0BrE7WZ61gyw+bG3WlKfc00k7QvzSKKDwQ==
ARC-Message-Signature: i=2; a=rsa-sha256; d=mit.edu; s=arc; t=1696673926;
c=relaxed/relaxed; bh=ZjbDSLkS85lPbaukfQs5I1tdueW7uKY+XA0+TtcA3yY=;
h=Date:From:Subject:Message-ID:MIME-Version:Content-Type;
b=dshFTqphJzWXp8prFmfkfzVoBVdy7E4SZuopPKACVdFRMFnXKVhUeRvOww4vImXyWDYUo5faYcvCPRur3rPSDKyljA6x1d4Z333inj+Ro0EbRpA9fsm3ibWXJp0IGUr/dVBN4lj8UGNy1PENfBJYVmXj4G59DHhWNtsB10VMEbzaFfmjFbZSrVudgupaeB7ZVh5QxJgqN1N0gwR3pp+mRaL4tSDYsueYnGSCyvqN1CPGU82ao4TgXOsL1Hzb9fXF4QKBtWg8lfAdzfiRSPmWx4BABR7gMH9l/z0Inc1kgRYvv1guL/vqkWlCfDSAmuCvngjsxJaxNwuin5TTlxTevg==
ARC-Authentication-Results: i=2; mit.edu; dkim=fail (1024-bit key;
unprotected) header.d=mitprod.onmicrosoft.com
header.i=@mitprod.onmicrosoft.com header.a=rsa-sha256
header.s=selector2-mitprod-onmicrosoft-com header.b=DJAOxlfc
reason="signature verification failed"; dkim=fail (4096-bit key;
unprotected) header.d=norgie.net header.i=@norgie.net header.a=rsa-sha256
header.s=default header.b=Vu608Gej reason="signature verification failed"
Authentication-Results: mit.edu;
dkim=fail reason="signature verification failed" (1024-bit key;
unprotected) header.d=mitprod.onmicrosoft.com
header.i=@mitprod.onmicrosoft.com header.a=rsa-sha256
header.s=selector2-mitprod-onmicrosoft-com header.b=DJAOxlfc;
dkim=fail reason="signature verification failed" (4096-bit key;
unprotected) header.d=norgie.net header.i=@norgie.net header.a=rsa-sha256
header.s=default header.b=Vu608Gej
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
b=eNbXMWOca2z9HTvdmTBnOwD3BRDFmdcf9w+rn03DScpt2VChSN74+xfildSJEgfbUzQMorpyrq+92ziL/QTxWj8vDjRgdrqzJkumPSCZXVcWL/nFOn5+nbIBScrCIYbUiCyum/SA/7KTcYwW9p4asuH4W4j20Gk18JoRymc6PAlrupqaRi5JirKb3+PzgA6o9serly0lYzIiotBSMQxedytrhiojGTD3Vui42y7b+z9E1PikL3iP4vVhdG7HvrjHC/2EPNbKEri/rQACeXrCYchqGr72mgvfeet+h00aGRGx0EjLaxs+0RY+s1ruhOh5oQqfC34AaQM/+m7vWOB7YQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=3ZMm2xBBFAEHcv1TMA6ywWdQjLVQtJQXWIR7SNLqRAk=;
b=FLTOgoKAfm6ulk6K+zL4gxGYI8L1IWccUUgiAYkfLrDGOVECwNswSWc9fylVwGN6YYjep7NjGIesSChWqC87DodU/BzCdJAYtC5CMl8MZIxm5CvBf5pmQmxq9r546MqTDy9g4ROzK6I4AZK0YK/+2tCbz9zbVEw/Eox7Ky/i60uAKNS+eic7Cra/E2EAboDe3lA+ZsQ/U1Wa8QTLDUiVUandApMAkP/Issh0V1iDCpcULns6d2wF1Y+yVOLWxTPfZJ+Ux0PfBA3/mU/mx4tDUbibPXmg45/A+E/c9Hp8V6e7WuilsjM3dQz1enU/ThwPR4dUM6YRnJMaQedSjmYw8g==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is
81.187.90.236) smtp.rcpttodomain=mit.edu smtp.mailfrom=norgie.net; dmarc=pass
(p=reject sp=reject pct=100) action=none header.from=norgie.net; dkim=pass
(signature was verified) header.d=norgie.net; arc=none (0)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=mitprod.onmicrosoft.com; s=selector2-mitprod-onmicrosoft-com;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=3ZMm2xBBFAEHcv1TMA6ywWdQjLVQtJQXWIR7SNLqRAk=;
b=DJAOxlfcTuxtkhSM8aCz9nfdX6yUQjLGnosSLl4ed9oBCazoEgP8Dn+1ls+r0Sxda9xS/eTTSrbTbX8Sy/PDhaEa3XboPMvPFuOaIpRWAfK+oxiykdK0D/T+2FjSRWSn99PDUpj319iDEnEJOR1OrZQWEMsniiocxklrofntFEc=
Authentication-Results: spf=pass (sender IP is 81.187.90.236)
smtp.mailfrom=norgie.net; dkim=pass (signature was verified)
header.d=norgie.net;dmarc=pass action=none header.from=norgie.net;
Received-SPF: Pass (protection.outlook.com: domain of norgie.net designates
81.187.90.236 as permitted sender) receiver=protection.outlook.com;
client-ip=81.187.90.236; helo=javelin.dmz.norgie.net; pr=C
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=norgie.net; s=default;
t=1696673914; bh=dYfodfmt7mGz9+rYxJDG7nfpzZGNgZUbMIg6lPzE74k=;
h=Date:From:To:Subject:From;
b=Vu608GejYABYcumSHIwjztkj9OySUIH2GNhvqMPTHmcvW6g8n4Nnp6gS+4xwSV5qg
yRnjQzO4BZUeL3UGyromgZtSWVv43wQYYNW/RX22dWVUnkzscHdnnjiXCm093ewYfp
Cr55QvniOt+k2TceiDRLis5r4lBSFGLAMQKiZR8rxkc4xmFOic6Hts3xkYw2Sa9ZfJ
2Dw67tsAp+lb0YZ/OlVOdQzbtR61uZubAQ+4XR5p4LcOLGOqqbwQ8zyt0GYjc4KpX2
CyVNcbbMAsIsuuUCPFb8ARcyNHVYscP34/ZsO5rLXRTpraZnybxnu4SKYtVlD6CWVc
6Ja9j0JotvS3aaVmmUql4ShzkXmd1Rm+v7fr8y7bToB8w8U5/+0qF/PewIwxlcdIgx
kvXBRlBXddZgMxajp8ZUHnDo3GC9wCDO+2oP0p+g/QPVZaEpi4zAP0DwggiI4JNFDE
7pCBntE99atk4vNFM9KsSvlaM8vE576wXtA2eeYsz98VraS2pgAExBoz6H/P/Yz9+8
B9JBY37/7hIwmHosUO2nAVdOiI8QyjZPYUS9MQFfvQfBWJcBZ0nMBIlDxx/7QVaO8s
iAmgHvT0K1YFdr0DdPWgZnOxptIFoMF7tvlv5HuBHlD14LNWw4xy6eG2g1Es0dCdgj
TX+EqXwGloHK8zo/AME/U09A=
Content-Disposition: inline
X-EOPAttributedMessage: 0
X-EOPTenantAttributedMessage: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b:0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: SA2PEPF000015C9:EE_|LV2PR01MB7888:EE_
X-MS-Office365-Filtering-Correlation-Id: cf6f0401-e9b8-468c-5c2f-08dbc71ec44f
X-LD-Processed: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b,ExtAddr
X-MS-Exchange-AtpMessageProperties: SA
X-MS-Exchange-SenderADCheck: 0
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: TQOpnFQ3OCMEOtilSDXT8HA6WyzWhILmz8pLyosY5k1RRewZBMlerARKdslroTAUzwV2a9cBtHzBXDGSozX6WyH1Fh8dRWdsondDWmmt3KVxwtyZ0dBUp0GdScHWhOKGBMZdKA3dpPHn5eHAs+JTWL3FYRG2JrXlDVbHR5HSHFDNWsjqCQDenYhmgIci/hoaUEyuLGxVl9NRv7VxbqHRlqAN+VXWV67nBoOL3H8m53Ms228BD2wfG2dUFjVqYFraDmVtqka2sF2nMApsj9aimU0SWcZotZnmyCGrSfBOgivq/5Boc4CJfV949Npi0Ipg33GXEm5HeT2oo9nj4lzgE57N3azQeRR3cqmwmoxrVkPK23ZaIzYfCZ7+CcynxKIx+oeK/+RT+XXAPIw3Bp1xxwe4KcNO4W9vfZS+cqaABlsXwKSR/TMn4iXLHadd9Z6z3XhAN6RCzzLSlXqbw589wObdjEGtnuHWH1ywp5idJKyLLYIH6Yik6IcebGMp0kENe9q4/XaGmwQ2pKraBetxLQvvVDq6CAi+0gHEH6et/9JQLJtqeRpnaescd5QQ+e5eXu+m0VeUZ+fuhVORqKT0Hi6im6JoHGI3tFuWPek+Eujje9UeRM4hQngDLwRewxXTWLieTqwz/qBH1N2iPOVNGOdDXnyBAhgcLzRxMWuJ219XfUYo+AY29V+o9gm1kpvyduylCESnl+gM9E+2bC5lVTxlhVFUApqr3riXePwmtxw=
X-Forefront-Antispam-Report: CIP:81.187.90.236; CTRY:GB; LANG:en; SCL:1; SRV:;
IPV:NLI; SFV:NSPM; H:javelin.dmz.norgie.net; PTR:javelin.dmz.norgie.net;
CAT:NONE;
SFS:(13230031)(4636009)(376002)(39860400002)(346002)(396003)(136003)(61400799006)(48200799006)(451199024)(64100799003)(5660300002)(356005)(786003)(8676002)(44144004)(68406010)(6966003)(7696005)(83380400001)(336012)(316002)(21480400003)(70586007)(426003)(26005)(34206002)(7596003)(498600001)(7636003)(86362001)(6266002)(55016003)(2906002)(2700100001);
DIR:OUT; SFP:1102;
X-Auto-Response-Suppress: DR, OOF, AutoReply
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 07 Oct 2023 10:18:35.6726 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: cf6f0401-e9b8-468c-5c2f-08dbc71ec44f
X-MS-Exchange-CrossTenant-Id: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b
X-MS-Exchange-CrossTenant-AuthSource: SA2PEPF000015C9.namprd03.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
X-MS-Exchange-Transport-CrossTenantHeadersStamped: LV2PR01MB7888
X-OriginatorOrg: mitprod.onmicrosoft.com
X-BeenThere: kerberos@mit.edu
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: The Kerberos Authentication System Mailing List <kerberos.mit.edu>
List-Unsubscribe: <https://mailman.mit.edu/mailman/options/kerberos>,
<mailto:kerberos-request@mit.edu?subject=unsubscribe>
List-Archive: <http://mailman.mit.edu/pipermail/kerberos/>
List-Post: <mailto:kerberos@mit.edu>
List-Help: <mailto:kerberos-request@mit.edu?subject=help>
List-Subscribe: <https://mailman.mit.edu/mailman/listinfo/kerberos>,
<mailto:kerberos-request@mit.edu?subject=subscribe>
X-Mailman-Original-Message-ID: <ZSEweGP8vOXerlCH@lightning.iz.norgie.net>
 by: Mike - Sat, 7 Oct 2023 10:18 UTC
Attachments: signature.asc (application/pgp-signature)

Folks,

I have recently upgraded my server estate and this in turn uncovered my
aging 3DES kerberos principles. I've been thought and rekeyed them as
with AES and this has created a little problem. Something went wrong
with the service principle for one of my Apache servers and now key
based authentication is no longer working on that host. I've been
trying to debug it to no avail. Unfortuantely the mod_auth_gssapi, as
far as I can tell, doesn't like giving too much into out.

I'm surmising that the issue might be that the service principle may not
have replicated corerctly to the slave server, which is used by the
Apache host. I can see the ticket details on the master using
kadmin.local and getprinc and I can see the keytab info using ktutil.
My question is this: How does one view the KVNO in the Slave DB? I
imaine it's probably available via kdb5_util dump but unfortunatly I
have not found any documents explaining the fields in the dump.

If anyone can advise on how to get the KVNO from the slave or indeed has
any other advice, it would be gratefully receieved.

Regards,
Mike.

Attachments: signature.asc (application/pgp-signature)
1
server_pubkey.txt

rocksolid light 0.9.8
clearnet tor