kdb5_ldap_util does not read kdc.conf

Tom Parker tparker at cbnco.com
Sun Sep 26 20:02:04 EDT 2010


From an administrative standpoint I would prefer to maintain the 
separation.

I like being able to have one krb5.conf file that is common to all my 
clients (including the kdcs themselves) and then a kdc.conf file that is 
only for my krb5kdc processes.

I agree, however, that I can create a krb5 conf that is for kdcs only and 
a kdc.conf for the rest of the clients to achieve the same effect.

If it's easy to check in both places (this seems to be the case judging 
from the simple fix that was posted to the list last week for my 
problem) to allow greater flexibility to the admins, that would be ideal.

Thanks

Tom Parker

On 09/25/2010 10:40 AM, Greg Hudson wrote:
> On Sat, 2010-09-25 at 04:32 -0400, Mark Pröhl wrote:
>> So my question is: is the configuration of KDC LDAP parameters in
>> kdc.conf supported by MIT?
>> (And should the documentation be fixed?)
> I don't have a full understanding of the history here, but I believe
> there used to be a separation of krb5.conf and kdc.conf settings, and
> now there is not.  kdc.conf (aka $KRB5_KDC_PROFILE) is only used by
> KDC-ish programs while krb5.conf (aka $KRB5_CONFIG) is used by all
> programs.
>
> I don't think the docs have caught up to the code.  What's documented
> should work, obviously, but it doesn't describe the full flexibility
> available to the admin.