problem using disable_last_success

Tue Aug 2 15:59:20 EDT 2011

On Tue, 2011-08-02 at 12:54 -0400, Dave Steiner wrote:
> So I put the following in my krb5.conf, per the instructions in the
> Administrator's Guide:
> 
>    [dbmodules]
>         disable_last_success = true

That's not what the administrator's guide was trying to say.  You should
have a subsection in dbmodules corresponding to the database_module
directive in your realm definition.  For example:

    [realms]
        KRBTEST.COM = {
            ...
            database_module = db2-krbtest
            ...
        }

    [dbmodules]
        db2-krbtest = {
            disable_last_success = true
            database_name = /path/to/...
            ...
        }

> Didn't really notice any improvement but ok.... then someone noticed
> that we were still logging!  I dug around the code and found the
> krb5.conf manpage that says this belongs in the dbdefaults section....

That's a bug.  I'll change either the code or the documentation after
looking at the situation a little more.