Trying to understand KADMIN logging issue

Morrison, Wayne wayne.morrison at
Fri Mar 4 12:09:57 EST 2005

Before I file a bug report, I want to make sure I'm not missing
something in understanding a problem we've run into.

Below is a problem statement for an issue that the engineer working on
our port has run into.  Shouldn't the KADMIN client either open it's own
log file, or call common routines with the server to ensure proper
shared access to the log file?  I certainly wouldn't expect a client to
be able to overwrite a server's log file, which is the behavior we're

The base is Kerberos 1.3.6 (but this code also appears to be the same in

	Wayne Morrison
	Kerberos & CDSA/Secure Delivery Project Leader
	OpenVMS Engineering, HP


>     I am having a problem where the KADMIN client is overwriting the
> KADMIN server's (KADMIND) log file.  The CHANGELOG. has this
>     2000-10-16  Tom Yu
>             * kadmin.c (strdur): Print negative durations somewhat (!)
>             sanely.
>             (kadmin_startup): Call krb5_klog_init() to avoid
coredumping if
>             kadm5_init() logs something via krb5_klog_syslog().
> The snippet of client code added is:
>         retval = krb5_klog_init(context, "admin_server", whoami, 0);
>          if (retval) {
>              com_err(whoami, retval, "while setting up logging");
>              exit(1);
>          }
> As can be seen, the client is opening "admin_server" (the *server's*
> file).  With the configuration file specifying "admin_server =
> this is causing an overwrite of the currently running server's log
> If the client needs to open a log file, shouldn't it open its own or
> the logging routines check if a log file is opened?

More information about the krbdev mailing list