>>>>> "Joshua" == Joshua Rodman <[EMAIL PROTECTED]> writes:
Joshua> My hunch is that the problem is that my debconf priority Joshua> level was "high", thus skipping the realm questions, thus Joshua> leaving the realm undefined, causing kstash to fail. The realm question was also skipped on my test. Joshua> I think to get a reasonable chance at reproducing it I Joshua> will need to set up a new chroot and this takes some time Joshua> over my slow netlink. Joshua> Currently, `hostname -d' appears to produce nothing: That might be the problem. >From the postinst: if db_get krb5-config/default_realm && [ "x$RET" != "x" ] then default_realm="$RET" else default_realm=`hostname -d | tr a-z A-Z` fi db_fget heimdal/realm seen if [ "$RET" != "true" ]; then db_set heimdal/realm $default_realm fi db_subst heimdal/realm default_realm $default_realm db_input medium heimdal/realm || true db_go db_get heimdal/realm; REALM="$RET" ... echo -e "\n\n" | kadmin -l init $REALM > /dev/null Notice how $REAM is quoted? Ok, maybe it isn't... What was I thinking of? Are you able to confirm if this is your problem? Joshua> The whole kerberos experiment brought about much Joshua> gnashing of teeth and poking at things with a stick Joshua> regarding naming, where some services seemed to want Joshua> calufrax.ducker.org, while others (nfs4) insisted that Joshua> they wanted 'calufrax' sans ducker.org. And this was not Joshua> only plain vanilla forward name lookups, there was some Joshua> kind of insane incestuous behavior going on with reversing Joshua> the IP and mapping the name back to the service and Joshua> refusing it because the domain name was present. As a general rule, I don't particular like this hostname thing. It is very much global in nature and very arbitrary (especially if computer has multiple IP addresses). Once set it can be difficult to change in a safe manner depending on what services you are running (e.g. openafs...) Unfortunately, there isn't a reliable way of determining the default REALM to use. -- Brian May <[EMAIL PROTECTED]> -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]