Double log messages under RH8
dopheide at ncsa.uiuc.edu
Tue Oct 14 22:24:41 EDT 2003
Problem solved, with slight concern.
Apparently, the kerberos daemons read both /etc/krb5.conf and
/usr/local/krb5/etc/krb5.conf. I always assumed one would take precedence
over the other. On our KDC, /etc/krb5.conf was a link to
/usr/local/krb5/etc/krb5.conf. After making /etc/krb5.conf a real file
and removing /usr/local/krb5/etc/krb5.conf, we are now getting the
correct logs (instead of doubled).
I'm not extremely familiar with the kerberos source tree yet, but it seems
that profile_init (util/profile/prof_init.c) reads through every krb5.conf
file in the DEFAULT_PROFILE_PATH (include/krb5/stock/osconf.h). What
bothers me is that seeing the same [logging] section twice caused kerberos
to log twice instead of overriding the settings it read from the first
file. How can the default logging mechanism be set twice? Why is this
even possible? What other problems could be caused by dual krb5.conf
> A few months back we migrated our KDC over from HPUX to RedHat Linux 8.0.
> Ever since the migration our krb5 daemons have been writing every message
> to the log twice.
> We are using syslog for logging with this entry in krb5.conf:
> default = SYSLOG:INFO:LOCAL6
> And this entry in syslog.conf:
> local6.info /var/log/krb5.log
> I've only been able to find one reference for another person having a
> similar problem from 6-7-2002, I've included that at the end of my
> message. Anyone have any ideas?
> Mike Dopheide dopheide at ncsa.uiuc.edu
> Research Programmer 217-244-0299
> National Center for Supercomputing Applications
> Previous post regarding same issue:
> From: Leonard J. Peirce (peirce at gumby.it.wmich.edu)
> Subject: Double log entries for V5 1.2.4 on Solaris 8
> This is the only article in this thread
> View: Original Format
> Newsgroups: comp.protocols.kerberos
> Date: 2002-06-07 13:04:56 PST
> In our kdc and kadmin logs we're seeing exactly two copies of every
> that gets logged. This has been happening for a while (I think back to
> and while it doesn't really hurt anything it is getting annoying. Did we
> something wrong when we built/configured things? This happens both with
> FILE and SYSLOG.
> BTW, in case anyone is interested we did finally recover from the database
> corruption problem that I posted about back in March. Many thanks to
> Ken Raeburn for his helpful advice and patience.
> Leonard J. Peirce Email: leonard.peirce at wmich.edu
> UNIX System Administrator
> Western Michigan University
> Office of Information Technology
> Kalamazoo, MI 49008 Phone: (616) 387-5430
> Kerberos mailing list Kerberos at mit.edu
More information about the Kerberos