Trying to understand KADMIN logging issue
Morrison, Wayne
wayne.morrison at hp.com
Fri Mar 4 12:09:57 EST 2005
Before I file a bug report, I want to make sure I'm not missing
something in understanding a problem we've run into.
Below is a problem statement for an issue that the engineer working on
our port has run into. Shouldn't the KADMIN client either open it's own
log file, or call common routines with the server to ensure proper
shared access to the log file? I certainly wouldn't expect a client to
be able to overwrite a server's log file, which is the behavior we're
seeing.
The base is Kerberos 1.3.6 (but this code also appears to be the same in
1.4)
Wayne Morrison
Kerberos & CDSA/Secure Delivery Project Leader
OpenVMS Engineering, HP
---------------------------------
> I am having a problem where the KADMIN client is overwriting the
> KADMIN server's (KADMIND) log file. The CHANGELOG. has this
mentioned:
>
> 2000-10-16 Tom Yu
>
> * kadmin.c (strdur): Print negative durations somewhat (!)
> sanely.
> (kadmin_startup): Call krb5_klog_init() to avoid
coredumping if
> kadm5_init() logs something via krb5_klog_syslog().
>
> The snippet of client code added is:
>
> retval = krb5_klog_init(context, "admin_server", whoami, 0);
> if (retval) {
> com_err(whoami, retval, "while setting up logging");
> exit(1);
> }
>
> As can be seen, the client is opening "admin_server" (the *server's*
log
> file). With the configuration file specifying "admin_server =
FILE=...",
> this is causing an overwrite of the currently running server's log
file.
> If the client needs to open a log file, shouldn't it open its own or
have
> the logging routines check if a log file is opened?
More information about the krbdev
mailing list