kdb5_ldap_util does not read kdc.conf

Greg Hudson ghudson at MIT.EDU
Sat Sep 25 10:40:57 EDT 2010


On Sat, 2010-09-25 at 04:32 -0400, Mark Pröhl wrote:
> So my question is: is the configuration of KDC LDAP parameters in 
> kdc.conf supported by MIT?
> (And should the documentation be fixed?)

I don't have a full understanding of the history here, but I believe
there used to be a separation of krb5.conf and kdc.conf settings, and
now there is not.  kdc.conf (aka $KRB5_KDC_PROFILE) is only used by
KDC-ish programs while krb5.conf (aka $KRB5_CONFIG) is used by all
programs.

I don't think the docs have caught up to the code.  What's documented
should work, obviously, but it doesn't describe the full flexibility
available to the admin.





More information about the Kerberos mailing list