Robbie Harwood rharwood at redhat.com
Mon Mar 25 10:59:09 EDT 2019

Ivan <19b5b6e526d at tiny-vps.com> writes:

>> Where is your kdc.conf file, and can you verify that krb5kdc is reading
>> it?  The default location of kdc.conf is in the KDC data directory
>> (typically /var/krb5kdc), and you can explicitly set it with the
>> KRB5_KDC_PROFILE environment variable.
> Thank you for your reply and your time spent.
> The idea turned out to be correct: in the Linux distribution I used, the 
> kdc daemon read the /etc/krb5.conf file (and not /etc/kdc.conf). Now 
> everything works as it should.

Per kdc.conf(5), the kdc.conf file doesn't live in /etc; it lives
somewhere else.  (I put it at /var/kerberos/krb5kdc/kdc.conf in
RHEL/Fedora for historical reasons, while Debian/Ubuntu puts it at
/var/lib/krb5kdc/kdc.conf .)

However, as you observe, MIT krb5 will read and honor kdc.conf
directives from krb5.conf as well.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 832 bytes
Desc: not available
Url : http://mailman.mit.edu/pipermail/kerberos/attachments/20190325/520ac77e/attachment.bin

More information about the Kerberos mailing list