Config file definition in osconf.h and double log entries from krb5kdc and kadmind

Marcus Watts mdw at
Tue Apr 8 15:21:21 EDT 2008

> Date:    Tue, 08 Apr 2008 11:39:20 PDT
> To:      kerberos at
> From:    Borislav_S <borislav.stoichkov at>
> Subject: Config file definition in osconf.h and double log entries from krb5kdc
>      *** and kadmind
> I have seen other posts on this topic but none of them were conclusive
> so I decided to give it a shot myself. I see double log entries from
> krb5kdc and kadmind. Long story short I ended up looking at the
> osconf.h file and the definition for the configuration file. It is
> defined as
> #define DEFAULT_SECURE_PROFILE_PATH     "/etc/krb5.conf:@SYSCONFDIR/
> krb5.conf"
> if sysconfdir is undefined at configure time then it ends up being "/
> etc/krb5.conf:/etc/krb5.conf" and the same file is parsed twice
> opening the same file twice and getting double entries logged. Of
> course the behavior changes when the KRB5_CONFIG env variable is set
> (to a single file). In that case there are no duplicates in the log
> files. This is a workaround and I can see potentially some benefit
> when parsing multiple files. My question is if that is the intended
> behavior ( possibly parse multiple files ). And based on that would it
> or would it not make sense to define it only as "@SYSCONFDIR/
> krb5.conf" so that /etc/krb5.conf is not considered if sysconfigdir
> has an inteded value and if it doesn't it defaults to /etc/krb5.conf.
> Version is 1.4 but 1.6 looks similar too. Thanks.
> Borislav

Yes, 1.6 has the same behavior.  It would be much nicer if profile_path
didn't default to the same file twice.

A kludge that will avoid the double logging property is to
edit /etc/krb5.conf and change this:

The * at the end of the top-level section start causes the section to be
marked "finalized", which means it can't be changed by reading a later
configuration file (including the same one twice).

					-Marcus Watts

More information about the Kerberos mailing list