about the location of the log file in /etc/krb5.conf

Giuseppe Mazza g.mazza at imperial.ac.uk
Fri Feb 26 10:01:34 EST 2016


I am afraid not..

root at mymaster:~# grep log /etc/krb5.conf
[login]
[logging]
	kdc = FILE:/var/log/krb5kdc/krb5kdc.log
	admin_server = FILE:/var/log/kadmin.log
root at mymaster:~# grep log /etc/krb5kdc/kdc.conf
root at mymaster:~#

When I set FILE:/var/log/krb5kdc.log only in /etc/krb5.conf
it used to work without problems.

Giuseppe


On 26/02/16 14:35, gwenael.lebarzic at orange.com wrote:
> Hey.
>
> Did you also put the log parameter in the kdc.conf file?
>
> BR.
>
> -----Original Message-----
> From: kerberos-bounces at MIT.EDU [mailto:kerberos-bounces at MIT.EDU] On Behalf Of Giuseppe Mazza
> Sent: Friday 26 February 2016 15:20
> To: kerberos at MIT.EDU
> Subject: Re: about the location of the log file in /etc/krb5.conf
>
> Sorry, I forgot to say that I have put in place the rotation below:
>
> root at mymaster:/# cat /etc/logrotate.d/krb5kdc
> /var/log/krb5kdc/krb5kdc.log {
>     rotate 120
>     monthly
>     compress
>     missingok
>     notifempty
> }
>
>
>
> Incidentally the reason why I want to do that is that the log file /var/log/krb5kdc.log gets too big.
> My setup is as follows: users are created in the College Windows AD and there is an inter-realm trust between the Windows DCs and our departmental Linux kerberos servers.
>
> So I get a lot of entries such as
> ===
> Feb 26 14:06:00 mymaster.doc.ic.ac.uk krb5kdc[43052](info): AS_REQ (9 etypes {18 17 16 23 25 26 1 3 2}) __an_ip_address__: CLIENT_NOT_FOUND: a_user at DOC.IC.AC.UK for <unknown server>, Client not found in Kerberos database
> ===
>
>
>
> Regards,
> Giuseppe
>
>
>
>
> On 26/02/16 11:22, Giuseppe Mazza wrote:
>> Hi there,
>>
>> I have got the following problem. If I change the location of the log
>> file in /etc/krb5.conf from /var/log/krb5kdc.log
>> to   /var/log/krb5kdc/krb5kdc.log
>> i.e.
>> root at mymaster:/var/log# grep krb5kdc /etc/krb5.conf
>>       kdc = FILE:/var/log/krb5kdc/krb5kdc.log
>>
>> then the new log file /var/log/krb5kdc/krb5kdc.log is empty.
>>
>> root at mymaster:/var/log# ls -ld /var/log/krb5kdc
>> drwxr-xr-x 2 root root 24 Feb 26 09:45 /var/log/krb5kdc
>> root at mymaster:/var/log# ls -lh /var/log/krb5kdc/krb5kdc.log
>> -rw-r--r-- 1 root root 0 Feb 25 14:30 /var/log/krb5kdc/krb5kdc.log
>>
>> In other words I make the change, restart the service krb5-kdc, I can
>> see entries in "tail -f /var/log/krb5kdc/krb5kdc.log"
>> coming in, but when I Ctrl-c "tail -f /var/log/krb5kdc/krb5kdc.log"
>> the file /var/log/krb5kdc/krb5kdc.log is empty.
>>
>>
>> root at mymaster:/# aptitude show krb5-kdc | grep Version
>> Version: 1.12+dfsg-2ubuntu5.2
>>
>> Any idea?
>>
>> Kind regards,
>> Giuseppe
>