>>>>> "Joshua" == Joshua Rodman <[EMAIL PROTECTED]> writes:
Joshua> My hunch is that the problem is that my debconf priority
Joshua> level was "high", thus skipping the realm questions, thus
Joshua> leaving the realm undefined, causing kstash to fail.
The realm question was also skipped on my test.
Joshua> I think to get a reasonable chance at reproducing it I
Joshua> will need to set up a new chroot and this takes some time
Joshua> over my slow netlink.
Joshua> Currently, `hostname -d' appears to produce nothing:
That might be the problem.
>From the postinst:
if db_get krb5-config/default_realm && [ "x$RET" != "x" ]
then
default_realm="$RET"
else
default_realm=`hostname -d | tr a-z A-Z`
fi
db_fget heimdal/realm seen
if [ "$RET" != "true" ]; then
db_set heimdal/realm $default_realm
fi
db_subst heimdal/realm default_realm $default_realm
db_input medium heimdal/realm || true
db_go
db_get heimdal/realm; REALM="$RET"
...
echo -e "\n\n" | kadmin -l init $REALM > /dev/null
Notice how $REAM is quoted? Ok, maybe it isn't... What was I thinking
of?
Are you able to confirm if this is your problem?
Joshua> The whole kerberos experiment brought about much
Joshua> gnashing of teeth and poking at things with a stick
Joshua> regarding naming, where some services seemed to want
Joshua> calufrax.ducker.org, while others (nfs4) insisted that
Joshua> they wanted 'calufrax' sans ducker.org. And this was not
Joshua> only plain vanilla forward name lookups, there was some
Joshua> kind of insane incestuous behavior going on with reversing
Joshua> the IP and mapping the name back to the service and
Joshua> refusing it because the domain name was present.
As a general rule, I don't particular like this hostname thing. It is
very much global in nature and very arbitrary (especially if computer
has multiple IP addresses). Once set it can be difficult to change in
a safe manner depending on what services you are running
(e.g. openafs...) Unfortunately, there isn't a reliable way of
determining the default REALM to use.
--
Brian May <[EMAIL PROTECTED]>
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
