Kerberos+LDAP: kadmin.local and kadmin show different principals

Greg Hudson ghudson at MIT.EDU
Thu Jan 13 00:42:52 EST 2011

On Thu, 2011-01-13 at 00:18 -0500, Nick Triantos wrote:
> Does kadmin expect different parameters to be set in krb5.conf than
> kadmin.local would?  The man page implies the two behave very
> similarly.

Is there any possibility that the second search tree was added to
krb5.conf since kadmind was last started?  Put another way, if you
restart kadmind, does the problem go away?

If that's not it, then it's possible that there's a bug here, but I
can't imagine off the top of my head what it would look like.  There are
three layers of common libraries between kadmind/kadmin.local and the
accesses to the LDAP server, and it would be odd for both tools to
succeed but interpret the same profile settings differently.
