[32712] in Kerberos
Re: kdb5_ldap_util does not read kdc.conf
daemon@ATHENA.MIT.EDU (=?ISO-8859-1?Q?Mark_Pr=F6hl?=)
Sat Sep 25 04:32:40 2010
Message-ID: <4C9DB398.1060409@mproehl.net>
Date: Sat, 25 Sep 2010 10:32:24 +0200
From: =?ISO-8859-1?Q?Mark_Pr=F6hl?= <mark@mproehl.net>
MIME-Version: 1.0
To: kerberos@mit.edu
In-Reply-To: <1285189704.20521.563.camel@ray>
Reply-To: mark@mproehl.net
Content-Type: text/plain; charset="iso-8859-1"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit
On 09/22/2010 11:08 PM, Greg Hudson wrote:
> On Wed, 2010-09-22 at 16:59 -0400, Tom Parker wrote:
>
>> Is this a bug? Or am I wrong in my assumptions about the two files.
>>
> Without actually trying to duplicate your behavior, just looking at the
> source code, it looks like a bug in the way kdb5_ldap_util initializes
> its krb5 context. I'm surprised it hasn't come up before. It should be
> easy to fix.
>
> A workaround is to set
> KRB5_CONFIG=/etc/krb5.conf:/var/lib/kerberos/krb5kdc/kdc.conf while
> running kdb5_ldap_util.
>
>
> ________________________________________________
> Kerberos mailing listKerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
I wonder why the KDC LDAP parameters are only described in krb5.conf(5)
and not in kdc.conf(5).
Furthermore, the chapter "Configuring Kerberos with OpenLDAP back-end"
in the Administrator's Guide does not mention the file kdc.conf at all.
Therefore, I always thought that configuring krb5.conf is the only
supported way of setting up the LDAP backend.
By applying the described workaround for kdb5_ldap_util
(KRB5_CONFIG=...kdc.conf) it becomes possible to do a strict separation
of the meaning of the two files: krb5.conf configures the Kerberos
library and kdc.conf is for KDC configuration. (Which is what I would
like to have.)
So my question is: is the configuration of KDC LDAP parameters in
kdc.conf supported by MIT?
(And should the documentation be fixed?)
Regards,
Mark Pröhl
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
