On 09/22/2010 11:08 PM, Greg Hudson wrote:
> On Wed, 2010-09-22 at 16:59 -0400, Tom Parker wrote:
>
>> Is this a bug? Or am I wrong in my assumptions about the two files.
>>
> Without actually trying to duplicate your behavior, just looking at the
> source code, it looks like a bug in the way kdb5_ldap_util initializes
> its krb5 context. I'm surprised it hasn't come up before. It should be
> easy to fix.
>
> A workaround is to set
> KRB5_CONFIG=/etc/krb5.conf:/var/lib/kerberos/krb5kdc/kdc.conf while
> running kdb5_ldap_util.
>
>
> ________________________________________________
> Kerberos mailing list [email protected]
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
I wonder why the KDC LDAP parameters are only described in krb5.conf(5) and not in kdc.conf(5). Furthermore, the chapter "Configuring Kerberos with OpenLDAP back-end" in the Administrator's Guide does not mention the file kdc.conf at all. Therefore, I always thought that configuring krb5.conf is the only supported way of setting up the LDAP backend.

By applying the described workaround for kdb5_ldap_util (KRB5_CONFIG=...kdc.conf) it becomes possible to do a strict separation of the meaning of the two files: krb5.conf configures the Kerberos library and kdc.conf is for KDC configuration. (Which is what I would like to have.)

So my question is: is the configuration of KDC LDAP parameters in kdc.conf supported by MIT? (And should the documentation be fixed?)

Regards,
Mark Pröhl
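Added example, not part of the original message or of MIT's documentation: a sketch of the split layout asked about above, with the KDC LDAP parameters only in kdc.conf, plus a check of which file in a KRB5_CONFIG-style list carries a `[dbmodules]` section. The realm, host names, DNs, module name and keyfile path are constructed placeholders, and `write_split_config` and `dbmodules_files` are hypothetical helper names.

```shell
# Constructed sample: realm, host names, DNs and the keyfile path are placeholders.

# Write a krb5.conf with library settings only and a kdc.conf with all KDC/LDAP settings.
write_split_config() {
    dir=$1
    cat > "$dir/krb5.conf" <<'EOF'
[libdefaults]
    default_realm = EXAMPLE.COM
[realms]
    EXAMPLE.COM = {
        kdc = kdc.example.com
    }
EOF
    cat > "$dir/kdc.conf" <<'EOF'
[realms]
    EXAMPLE.COM = {
        database_module = openldap_ldapconf
    }

[dbmodules]
    openldap_ldapconf = {
        db_library = kldap
        ldap_kerberos_container_dn = cn=krbcontainer,dc=example,dc=com
        ldap_kdc_dn = cn=kdc-service,dc=example,dc=com
        ldap_kadmind_dn = cn=adm-service,dc=example,dc=com
        ldap_service_password_file = /path/to/service.keyfile
        ldap_servers = ldaps://ldap.example.com
    }
EOF
}

# Print every file in a colon-separated KRB5_CONFIG-style list that has a [dbmodules] section.
dbmodules_files() {
    old_ifs=$IFS
    IFS=:
    for f in $1; do
        if [ -r "$f" ] && grep -q '^[[:space:]]*\[dbmodules\]' "$f"; then
            printf '%s\n' "$f"
        fi
    done
    IFS=$old_ifs
}

demo_dir=$(mktemp -d)
write_split_config "$demo_dir"
# Only kdc.conf should be listed; krb5.conf stays free of KDC LDAP parameters.
dbmodules_files "$demo_dir/krb5.conf:$demo_dir/kdc.conf"
rm -rf "$demo_dir"
```

With the real files, the list to check is the one from the quoted workaround, /etc/krb5.conf:/var/lib/kerberos/krb5kdc/kdc.conf.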
