Using a stub krb5.conf with "include"

John Devitofranceschi foonon at
Mon Dec 12 16:21:01 EST 2022

> On Dec 12, 2022, at 3:24 PM, Greg Hudson <ghudson at MIT.EDU> wrote:
> On 12/12/22 14:04, John Devitofranceschi wrote:
>> % cat mykrb5.conf
>> [libdefaults]
>> default_ccache_name = FILE:/my_ccache_location/krbcc_%{uid}
>> include /etc/krb5.conf
>> I cannot find a description of the behaviour of the ‘include’ directive with respect to this kind of thing.

> is the documentation we have on the include directive.  Your example should work.

Yeah, I read that. It doesn’t really address the precedence question though, does it? Thanks for the confirmation!

> In the profile model, a relation can have one or more values, with the order of values determined by the order of appearance.  Some variables have a defined meaning for multiple values (like "kdc" in a realm section), but most variables, including default_ccache_name, only have meaning for a single value.
> Unfortunately, different parts of the code are not consistent in how they handle multiple values for a single-value variable.  For variables handled through libkrb5, like default_ccache_name, the first value is used.  So in your example, your default_ccache_name setting would take precedence over one defined in the system krb5.conf, because it was read first.

I did come to this conclusion through experimentation (at least for my particular use-cases). 

Thanks again,
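
The precedence rule from the quoted reply, as an added example that is not part of the original message and is not MIT krb5 code: a simplified Python model of profile reading in which values are kept in order of appearance and the first one is used. It goes one step beyond the thread by also reading a stub with the include placed first, which under the same order-of-appearance model lets the system file win; the KEYRING value, EXAMPLE.COM and stub-include-first.conf are constructed for illustration.

```python
# Simplified model of krb5 profile reading, not libkrb5's parser. Handles
# [section], "name = value", comments, "include"; no subsections/includedir.
# Constructed sample files, held in memory so the example runs offline.
FILES = {
    "mykrb5.conf": (
        "[libdefaults]\n"
        "    default_ccache_name = FILE:/my_ccache_location/krbcc_%{uid}\n"
        "include /etc/krb5.conf\n"
    ),
    "stub-include-first.conf": (
        "include /etc/krb5.conf\n"
        "[libdefaults]\n"
        "    default_ccache_name = FILE:/my_ccache_location/krbcc_%{uid}\n"
    ),
    "/etc/krb5.conf": (
        "[libdefaults]\n"
        "    default_realm = EXAMPLE.COM\n"
        "    default_ccache_name = KEYRING:persistent:%{uid}\n"
    ),
}


def read_profile(path, files=FILES):
    """Return [(section, name, value), ...] in order of appearance."""
    relations, section = [], None
    for raw in files[path].splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("include "):
            # The included file's relations land at this point in the order.
            relations += read_profile(line.split(None, 1)[1], files)
        elif line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif "=" in line and section is not None:
            name, value = (part.strip() for part in line.split("=", 1))
            relations.append((section, name, value))
        else:
            raise ValueError(f"{path}: cannot parse {raw!r}")
    return relations


def values(relations, section, name):
    return [v for s, n, v in relations if (s, n) == (section, name)]


def effective(relations, section, name):
    # First value wins, as the reply describes for libkrb5-handled variables.
    return next(iter(values(relations, section, name)), None)
```

Listing `values(...)` for a setting shows every definition the stub and the system file contribute, which is a quick way to audit which file actually controls a security-relevant default such as the credential cache location.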

