kdb5_ldap_util does not read kdc.conf
Mark Pröhl
mark at mproehl.net
Sat Sep 25 04:32:24 EDT 2010
On 09/22/2010 11:08 PM, Greg Hudson wrote:
> On Wed, 2010-09-22 at 16:59 -0400, Tom Parker wrote:
>
>> Is this a bug? Or am I wrong in my assumptions about the two files.
>>
> Without actually trying to duplicate your behavior, just looking at the
> source code, it looks like a bug in the way kdb5_ldap_util initializes
> its krb5 context. I'm surprised it hasn't come up before. It should be
> easy to fix.
>
> A workaround is to set
> KRB5_CONFIG=/etc/krb5.conf:/var/lib/kerberos/krb5kdc/kdc.conf while
> running kdb5_ldap_util.
>

I wonder why the KDC LDAP parameters are only described in krb5.conf(5)
and not in kdc.conf(5).

Furthermore, the chapter "Configuring Kerberos with OpenLDAP back-end"
in the Administrator's Guide does not mention the file kdc.conf at all.
Therefore, I always thought that configuring krb5.conf is the only
supported way of setting up the LDAP backend.

By applying the described workaround for kdb5_ldap_util
(KRB5_CONFIG=...kdc.conf) it becomes possible to do a strict separation
of the meaning of the two files: krb5.conf configures the Kerberos
library and kdc.conf is for KDC configuration. (Which is what I would
like to have.)

So my question is: is the configuration of KDC LDAP parameters in
kdc.conf supported by MIT?
(And should the documentation be fixed?)

Regards,
Mark Pröhl