Each time krb5 is started, I get:
----
Starting Kerberos administrative server kadmindkadmind: Cannot open
/var/lib/krb5kdc/kadm5.acl: No such file or directory while
initializing ACL file, aborting
----
The kadmind daemon is therefore not started.
There are several possibilities if we do not want to configure ACLs:
a) add acl_file = "" under the <EXAMPLE.ORG> realm in /etc/krb5.conf
This has two drawbacks: (i) the 'acl_file =' should be present
only on the kdc host, while a user might copy krb5.conf to a
client host. (ii) if a user later creates an acl file, he/she
may wonder why it is not taken into account.
b) create a file /var/lib/krb5kdc/kdc.conf, containing:
    [realms]
        <EXAMPLE.ORG> = {
            acl_file = ""
        }
Drawback: new file. But normally kdc.conf is only present on the KDC
host.
c) create an empty /var/lib/krb5kdc/kadm5.acl
Advantage: this file can be augmented later. But it needs an
explanation in the book.
I think I'd slightly prefer c).
Pierre