kdc.conf and krb5.conf
Greg Hudson
ghudson at MIT.EDU
Thu Jun 16 11:34:42 EDT 2011
On Thu, 2011-06-16 at 04:53 -0400, Frank Dornheim wrote:
> * Is the kdc.conf obsolete?
> * Which config is the winner by a misconfiguration?
> * Which parts had to be in both configs (not the specific points -
> the topics)?

Prior to krb5 1.6, each setting had to be put in the correct file
(krb5.conf or kdc.conf). Since krb5 1.6, the way it works is now more
flexible:

* Client programs only read krb5.conf.
* KDC-related programs read kdc.conf and then krb5.conf.

As for which file wins, this is sort of a complicated question since
profile variables can be multiply defined. Generally I think kdc.conf
wins, because calling code tends to look at the first defined value of a
profile variable. I'm not sure why mistakes in your kdc.conf didn't
affect the operation of your setup.

It is never strictly necessary to use a kdc.conf file. You might still
want to do so in order that krb5.conf on your KDC can be the same as it
is on client machines, instead of containing a merge of client and KDC
settings.
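
Added example, not part of the message above and not libkrb5 code: a small Python model of the read order and first-defined-value lookup the reply describes, used to flag settings that a KDC program resolves from kdc.conf while krb5.conf carries a different value. The simplified parser, the sample file contents and the EXAMPLE.COM realm are assumptions constructed for illustration.

```python
import re

# Read order described in the reply: clients read krb5.conf only;
# KDC-related programs read kdc.conf first, then krb5.conf.
READ_ORDER = {"client": ["krb5.conf"], "kdc": ["kdc.conf", "krb5.conf"]}

def parse_profile(text):
    """Simplified profile parser: {(section, ..., name): [values in file order]}."""
    out, path = {}, []
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line[0] in "#;":
            continue
        section = re.fullmatch(r"\[(.+)\]", line)
        if section:
            path = [section.group(1)]
        elif line == "}":
            path.pop()                      # leave the current subsection
        else:
            name, _, value = (p.strip() for p in line.partition("="))
            if value == "{":
                path.append(name)           # descend into a subsection
            else:
                out.setdefault(tuple(path + [name]), []).append(value)
    return out

def resolve(configs, reader):
    """All definitions of each setting, in the order the reader sees them."""
    merged = {}
    for fname in READ_ORDER[reader]:
        for key, values in parse_profile(configs.get(fname, "")).items():
            merged.setdefault(key, []).extend((fname, v) for v in values)
    return merged

def conflicts(configs, reader):
    """Settings whose first-defined (winning) value differs from a later one."""
    report = {}
    for key, defs in resolve(configs, reader).items():
        shadowed = [d for d in defs[1:] if d[1] != defs[0][1]]
        if shadowed:
            report["/".join(key)] = (defs[0], shadowed)
    return report

# Constructed sample files (assumption, not from the original thread).
CONFIGS = {
    "krb5.conf": "[libdefaults]\n  default_realm = EXAMPLE.COM\n"
                 "[realms]\n  EXAMPLE.COM = {\n    kdc = kdc.example.com\n"
                 "    max_life = 24h\n  }\n",
    "kdc.conf": "[realms]\n  EXAMPLE.COM = {\n    max_life = 10h\n  }\n",
}
```

Calling `conflicts(CONFIGS, "kdc")` reports the `max_life` entry with the kdc.conf value as the winner, while `conflicts(CONFIGS, "client")` is empty because client programs never read kdc.conf.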