1.3.4: kadmin tries to open log file R/W (II)
Tom Yu
tlyu at MIT.EDU
Fri Sep 3 14:35:28 EDT 2004
>>>>> "mikef" == Mike Friedman <mikef at ack.berkeley.edu> writes:
mikef> Just to make sure that my symptoms (described below) were not
mikef> related to the fact that I was issuing 'kadmin' on the KDC
mikef> itself, I built a 1.3.4 (with patches) on another system and
mikef> tried kadmin there. I get the same result: a message that says
mikef> Couldn't open log file /var/log/kerberos/kerberos.log: Permission denied
mikef> I don't understand why client kadmin is trying to open a log file,
mikef> especially with R/W access. It never did this on earlier releases.
The kadmin client is built in both a networked form and a local form.
kadmin.local needs to run on a KDC host with privileges to read/write
the KDB, and the server-side kadm5 library it uses does need to do
some logging.
The kadmin client code itself is identical; only the library with
which it is linked is different. Unfortunately, the kadmin client
code cannot easily distinguish between running in local mode on a KDC
host and running as a networked client, so it too attempts to open the
logfile.
Fixing this problem correctly would probably involve giving the kadmin
client a means of determining whether it is running as a local client
or as a networked client.
---Tom
More information about the Kerberos
mailing list