about the location of the log file in /etc/krb5.conf
gwenael.lebarzic@orange.com
gwenael.lebarzic at orange.com
Fri Feb 26 09:35:00 EST 2016
Hey.
Did you put also the log parameter in the kdc.conf file ?
BR.
-----Message d'origine-----
De : kerberos-bounces at MIT.EDU [mailto:kerberos-bounces at MIT.EDU] De la part de Giuseppe Mazza
Envoyé : vendredi 26 février 2016 15:20
À : kerberos at MIT.EDU
Objet : Re: about the location of the log file in /etc/krb5.conf
Sorry, I forgot to say that I have put in place the the rotation below:
root at mymaster:/# cat /etc/logrotate.d/krb5kdc /var/log/krb5kdc/krb5kdc.log {
rotate 120
monthly
compress
missingok
notifempty
}
Incidentally the reason why I want to do that is that the log file /var/log/krb5kdc.log gets too big.
My setup is as follows: users are created in the College Windows AD and there is an inter-realm trust between the Windows DCs and our departmental Linux kerberos servers.
So I get a lot of entries such as
===
Feb 26 14:06:00 mymaster.doc.ic.ac.uk krb5kdc[43052](info): AS_REQ (9 etypes {18 17 16 23 25 26 1 3 2}) __an_ip_address__: CLIENT_NOT_FOUND:
a_user at DOC.IC.AC.UK for <unknown server>, Client not found in Kerberos database ===
Regards,
Giuseppe
On 26/02/16 11:22, Giuseppe Mazza wrote:
> Hi there,
>
> I have got the following problem. If I change the location of the log
> file in /etc/krb5.conf from /var/log/krb5kdc.log
> to /var/log/krb5kdc/krb5kdc.log
> i.e.
> root at mymaster:/var/log# grep krb5kdc /etc/krb5.conf
> kdc = FILE:/var/log/krb5kdc/krb5kdc.log
>
> then the new log file /var/log/krb5kdc/krb5kdc.log is empty.
>
> root at mymaster:/var/log# ls -ld /var/log/krb5kdc drwxr-xr-x 2 root root
> 24 Feb 26 09:45 /var/log/krb5kdc root at mymaster:/var/log# ls -lh
> /var/log/krb5kdc/krb5kdc.log
> -rw-r--r-- 1 root root 0 Feb 25 14:30 /var/log/krb5kdc/krb5kdc.log
>
> In other words I make the change, restart the service krb5-kdc, I can
> see entries in "tail -f /var/log/krb5kdc/krb5kdc.log"
> coming in, but when I Ctrl-c "tail -f /var/log/krb5kdc/krb5kdc.log"
> the file /var/log/krb5kdc/krb5kdc.log is empty.
>
>
> root at mymaster:/# aptitude show krb5-kdc | grep Version
> Version: 1.12+dfsg-2ubuntu5.2
>
> Any idea?
>
> Kind regards,
> Giuseppe
________________________________________________
Kerberos mailing list Kerberos at mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
_________________________________________________________________________________________________________________________
Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.
This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.
More information about the Kerberos
mailing list