duplicate kdc settings in krb5.conf
Wang Weijun
weijun.wang at oracle.com
Tue Feb 11 22:11:27 EST 2014
On Feb 12, 2014, at 10:56, Greg Hudson <ghudson at mit.edu> wrote:
> On 02/11/2014 04:56 AM, Wang Weijun wrote:
>> then both will be contacted, but if it's two different sub-stanza or stanza (could be in the same or different files), then only the first one will be picked up. For example, only k1 will be contacted for
>>
>> [realms]
>> D1 = {
>> kdc = k1
>> }
>> D1 = {
>> kdc = k2
>> }
>
> I think that's a bug.
Oh, I thought that was by design.
My understanding was that the top-level stanzas should be merged (I can imagine people have [libdefaults] in both krb5.conf and an included file) but not the others. While it's OK to merge (or not merge) the kdc settings above but if it's [capaths] the merge will be a disaster.
--Max
> If I trace through the profile code, it winds up
> creating a second subsection node for D1 within [realms], which is
> inaccessible to searches.
>
> By contrast, if you specify a top-level stanza (like [realms]) multiple
> times, the relations within (directly within, not inside subsections)
> get placed in the same top-level section node.
>
> I'll open a ticket if I don't find an existing one.
More information about the krbdev
mailing list