1.3.4: kadmin tries to open log file R/W (II)

Tom Yu tlyu at MIT.EDU
Fri Sep 3 14:35:28 EDT 2004

>>>>> "mikef" == Mike Friedman <mikef at ack.berkeley.edu> writes:

mikef> Just to make sure that my symptoms (described below) were not
mikef> related to the fact that I was issuing 'kadmin' on the KDC
mikef> itself, I built a 1.3.4 (with patches) on another system and
mikef> tried kadmin there.  I get the same result: a message that says

mikef>   Couldn't open log file /var/log/kerberos/kerberos.log: Permission denied

mikef> I don't understand why client kadmin is trying to open a log file,
mikef> especially with R/W access.  It never did this on earlier releases.

The kadmin client is built in both a networked form and a local form.
kadmin.local needs to run on a KDC host with privileges to read/write
the KDB, and the server-side kadm5 library it uses does need to do
some logging.

The kadmin client code itself is identical; only the library with
which it is linked is different.  Unfortunately, the kadmin client
code cannot easily distinguish between running in local mode on a KDC
host and running as a networked client, so it too attempts to open the

Fixing this problem correctly would probably involve giving the kadmin
client a means of determining whether it is running as a local client
or as a networked client.

