Using a stub krb5.conf with "include"
John Devitofranceschi
foonon at gmail.com
Mon Dec 12 16:21:01 EST 2022
> On Dec 12, 2022, at 3:24 PM, Greg Hudson <ghudson at MIT.EDU> wrote:
>
> On 12/12/22 14:04, John Devitofranceschi wrote:
>> % cat mykrb5.conf
>> [libdefaults]
>> default_ccache_name = FILE:/my_ccache_location/krbcc_%{uid}
>> include /etc/krb5.conf
>
>> I cannot find a description of the behaviour of the ‘include’ directive with respect to this kind of thing.
>
> https://web.mit.edu/kerberos/krb5-latest/doc/admin/conf_files/krb5_conf.html#structure
>
> is the documentation we have on the include directive. Your example should work.
Yeah, I read that. It doesn’t really address the precedence question though, does it? Thanks for the confirmation!
>
> In the profile model, a relation can have one or more values, with the order of values determined by the order of appearance. Some variables have a defined meaning for multiple values (like "kdc" in a realm section), but most variables, including default_ccache_name, only have meaning for a single value.
>
> Unfortunately, different parts of the code are not consistent in how they handle multiple values for a single-value variable. For variables handled through libkrb5, like default_ccache_name, the first value is used. So in your example, your default_ccache_name setting would take precedence over one defined in the system krb5.conf, because it was read first.
>
I did come to this conclusion through experimentation (at least for my particular use-cases).
Thanks again,
jd
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4109 bytes
Desc: not available
URL: <http://mailman.mit.edu/pipermail/kerberos/attachments/20221212/ef78815c/attachment.p7s>
More information about the Kerberos
mailing list