[37435] in Kerberos
Re: about the location of the log file in /etc/krb5.conf
daemon@ATHENA.MIT.EDU (Giuseppe Mazza)
Fri Feb 26 10:02:09 2016
To: gwenael.lebarzic@orange.com, Giuseppe Mazza <g.mazza@imperial.ac.uk>,
"kerberos@MIT.EDU" <kerberos@mit.edu>
From: Giuseppe Mazza <g.mazza@imperial.ac.uk>
Message-ID: <56D068CE.7070303@imperial.ac.uk>
Date: Fri, 26 Feb 2016 15:01:34 +0000
MIME-Version: 1.0
In-Reply-To: <17776_1456497300_56D06294_17776_3153_8_D57DFC2996DBE148B774CDB8FC054E93099694@OPEXCNORM61.corporate.adroot.infra.ftgroup>
Content-Type: text/plain; charset="windows-1252"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit
I am afraid not..
root@mymaster:~# grep log /etc/krb5.conf
[login]
[logging]
kdc = FILE:/var/log/krb5kdc/krb5kdc.log
admin_server = FILE:/var/log/kadmin.log
root@mymaster:~# grep log /etc/krb5kdc/kdc.conf
root@mymaster:~#
When I set FILE:/var/log/krb5kdc.log only in /etc/krb5.conf
it used to work without problems.
Giuseppe
On 26/02/16 14:35, gwenael.lebarzic@orange.com wrote:
> Hey.
>
> Did you put also the log parameter in the kdc.conf file ?
>
> BR.
>
> -----Message d'origine-----
> De : kerberos-bounces@MIT.EDU [mailto:kerberos-bounces@MIT.EDU] De la part de Giuseppe Mazza
> Envoyé : vendredi 26 février 2016 15:20
> À : kerberos@MIT.EDU
> Objet : Re: about the location of the log file in /etc/krb5.conf
>
> Sorry, I forgot to say that I have put in place the the rotation below:
>
> root@mymaster:/# cat /etc/logrotate.d/krb5kdc /var/log/krb5kdc/krb5kdc.log {
> rotate 120
> monthly
> compress
> missingok
> notifempty
> }
>
>
>
> Incidentally the reason why I want to do that is that the log file /var/log/krb5kdc.log gets too big.
> My setup is as follows: users are created in the College Windows AD and there is an inter-realm trust between the Windows DCs and our departmental Linux kerberos servers.
>
> So I get a lot of entries such as
> ===
> Feb 26 14:06:00 mymaster.doc.ic.ac.uk krb5kdc[43052](info): AS_REQ (9 etypes {18 17 16 23 25 26 1 3 2}) __an_ip_address__: CLIENT_NOT_FOUND:
> a_user@DOC.IC.AC.UK for <unknown server>, Client not found in Kerberos database ===
>
>
>
> Regards,
> Giuseppe
>
>
>
>
> On 26/02/16 11:22, Giuseppe Mazza wrote:
>> Hi there,
>>
>> I have got the following problem. If I change the location of the log
>> file in /etc/krb5.conf from /var/log/krb5kdc.log
>> to /var/log/krb5kdc/krb5kdc.log
>> i.e.
>> root@mymaster:/var/log# grep krb5kdc /etc/krb5.conf
>> kdc = FILE:/var/log/krb5kdc/krb5kdc.log
>>
>> then the new log file /var/log/krb5kdc/krb5kdc.log is empty.
>>
>> root@mymaster:/var/log# ls -ld /var/log/krb5kdc drwxr-xr-x 2 root root
>> 24 Feb 26 09:45 /var/log/krb5kdc root@mymaster:/var/log# ls -lh
>> /var/log/krb5kdc/krb5kdc.log
>> -rw-r--r-- 1 root root 0 Feb 25 14:30 /var/log/krb5kdc/krb5kdc.log
>>
>> In other words I make the change, restart the service krb5-kdc, I can
>> see entries in "tail -f /var/log/krb5kdc/krb5kdc.log"
>> coming in, but when I Ctrl-c "tail -f /var/log/krb5kdc/krb5kdc.log"
>> the file /var/log/krb5kdc/krb5kdc.log is empty.
>>
>>
>> root@mymaster:/# aptitude show krb5-kdc | grep Version
>> Version: 1.12+dfsg-2ubuntu5.2
>>
>> Any idea?
>>
>> Kind regards,
>> Giuseppe
>
> ________________________________________________
> Kerberos mailing list Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
> _________________________________________________________________________________________________________________________
>
> Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
> pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
> a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
> Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.
>
> This message and its attachments may contain confidential or privileged information that may be protected by law;
> they should not be distributed, used or copied without authorisation.
> If you have received this email in error, please notify the sender and delete this message and its attachments.
> As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
> Thank you.
>
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
