[32716] in Kerberos
Re: kdb5_ldap_util does not read kdc.conf
daemon@ATHENA.MIT.EDU (Tom Parker)
Sun Sep 26 20:02:14 2010
Message-ID: <4C9FDEFC.6030204@cbnco.com>
Date: Sun, 26 Sep 2010 20:02:04 -0400
From: Tom Parker <tparker@cbnco.com>
To: Greg Hudson <ghudson@mit.edu>
In-Reply-To: <1285425657.20521.709.camel@ray>
Cc: "kerberos@mit.edu" <kerberos@mit.edu>
From an administrative standpoint I would prefer to maintain the separation.
I like being able to have one krb5.conf file that is common to all my clients (including the kdcs themselves) and then a kdc.conf file that is only for my krb5kdc processes.
I agree, however, that I can create a krb5 conf that is for kdcs only and a kdc.conf for the rest of the clients to achieve the same effect.
If it's easy to check in both places (this seems to be the case judging from the simple fix that was posted to the list last week for my problem) to allow greater flexibility to the admins, that would be ideal.
Thanks
Tom Parker
On 09/25/2010 10:40 AM, Greg Hudson wrote:
> On Sat, 2010-09-25 at 04:32 -0400, Mark Pröhl wrote:
>> So my question is: is the configuration of KDC LDAP parameters in
>> kdc.conf supported by MIT?
>> (And should the documentation be fixed?)
> I don't have a full understanding of the history here, but I believe
> there used to be a separation of krb5.conf and kdc.conf settings, and
> now there is not. kdc.conf (aka $KRB5_KDC_PROFILE) is only used by
> KDC-ish programs while krb5.conf (aka $KRB5_CONFIG) is used by all
> programs.
>
> I don't think the docs have caught up to the code. What's documented
> should work, obviously, but it doesn't describe the full flexibility
> available to the admin.
>
>
> ________________________________________________
> Kerberos mailing list Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos