kdb5_ldap_util does not read kdc.conf
Tom Parker
tparker at cbnco.com
Sun Sep 26 20:02:04 EDT 2010
From an administrative standpoint I would prefer to maintain the
separation.
I like being able to have one krb5.conf file that is common to all my
clients (including the kdcs themselves) and then a kdc.conf file that is
only for my krb5kdc processes.
I agree however that I can create a krb5 conf that is for kdcs only and
a kdc.conf for the rest of the clients to achieve the same effect.
If it's easy to check in both places (this seems to be the case judging
from the simple fix that was posted to the list last week for my
problem) to allow greater flexibility to the admins that would be ideal.
Thanks
Tom Parker
On 09/25/2010 10:40 AM, Greg Hudson wrote:
> On Sat, 2010-09-25 at 04:32 -0400, Mark Pröhl wrote:
>> So my question is: is the configuration of KDC LDAP parameters in
>> kdc.conf supported by MIT?
>> (And should the documentation be fixed?)
> I don't have a full understanding of the history here, but I believe
> there used to be a separation of krb5.conf and kdc.conf settings, and
> now there is not. kdc.conf (aka $KRB5_KDC_PROFILE) is only used by
> KDC-ish programs while krb5.conf (aka $KRB5_CONFIG) is used by all
> programs.
>
> I don't think the docs have caught up to the code. What's documented
> should work, obviously, but it doesn't describe the full flexibility
> available to the admin.
>
>
> ________________________________________________
> Kerberos mailing list Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
More information about the Kerberos
mailing list