[36930] in Kerberos


Re: specifying an alternate realm/krb5.conf configuration for

daemon@ATHENA.MIT.EDU (Todd Grayson)
Fri Apr 24 18:34:40 2015

In-Reply-To: <CAAd7auZArgt5ks8cnar91oWrmqPCDY-ON4P6GhvLvxJviswRdQ@mail.gmail.com>
From: Todd Grayson <tgrayson@cloudera.com>
Date: Fri, 24 Apr 2015 16:33:59 -0600
Message-ID: <CALNT6MVjke-oU_M-+Qt8GJa9ukEjVtgdTHxY4ju_aZR_t5XnEA@mail.gmail.com>
To: Ben H <bhendin@gmail.com>
Cc: "kerberos@mit.edu" <kerberos@mit.edu>

Interesting, yeah I think you self resolved with what you did with
KRB5REALM.

On Fri, Apr 24, 2015 at 4:13 PM, Ben H <bhendin@gmail.com> wrote:

> Not exactly, though the answer to that use case might be the same.
>
> My use case is that my system was (is) a client of REALMA.COM.
> Now, I want to run a KDC on this same system to serve out REALMB.COM
>
> So, I can't change my /etc/krb5.conf file or else I would lose access to
> REALMA.COM
>
> I configure my kdc.conf file for REALMB, but when I start up krb5kdc I
> get:
>
> Starting Kerberos 5 KDC: krb5kdc: cannot initialize realm REALMA.COM -
> see log file for details
>
> I can get it working by doing two things:
> 1) modify my krb5.conf file for REALMB instead - if I do this, then my
> client functionality to REALMA breaks
> 2) Set KRB5REALM=REALMB in /etc/sysconfig/krb5kdc
>
> #2 is working for me, and is maybe the correct answer to this question.
> I was just surprised that the krb5kdc service would look to read data
> from krb5.conf instead of kdc.conf and, if it needs to do so, I would
> expect there is a better way to tell it to use an alternate file.
>
> I realize this isn't a common use scenario.
>
>
>
> On Fri, Apr 24, 2015 at 4:07 PM, Todd Grayson <tgrayson@cloudera.com> wrote:
>
>> Are you trying to run multiple realms (and db's) on the same KDC?
>>
>> On Fri, Apr 24, 2015 at 2:59 PM, Ben H <bhendin@gmail.com> wrote:
>>
>>> Sorry, I did mean kdc.conf - and on my implementation it is
>>> in /var/kerberos/krb5kdc.
>>>
>>> I do understand:
>>> kdc.conf = server config
>>> krb5.conf = client config
>>>
>>> But apparently when krb5kdc starts it also queries some data from
>>> /etc/krb5.conf (the default realm at least).
>>>
>>> I want it to look to a location other than /etc/krb5.conf for realm
>>> information (or anything else it might need from that file).
>>>
>>> thanks!
>>>
>>>
>>> On Fri, Apr 24, 2015 at 2:55 PM, Brandon Allbery <ballbery@sinenomine.net> wrote:
>>>
>>> > On Fri, 2015-04-24 at 14:44 -0500, Ben H wrote:
>>> > > Some searching I did indicated the possible existence of a "profile"
>>> > > directive in kdc5.conf to point to a different krb5.conf, but that
>>> > > didn't seem to work.
>>> >
>>> > It's just kdc.conf (not kdc5.conf) and it's usually kept in the KDC
>>> > private directory (/var/krb5kdc is common).
>>> >
>>> > --
>>> > brandon s allbery kf8nh                           sine nomine associates
>>> > allbery.b@gmail.com                                  ballbery@sinenomine.net
>>> > unix openafs kerberos infrastructure xmonad        http://sinenomine.net
>>> >
>>> > ________________________________________________
>>> > Kerberos mailing list           Kerberos@mit.edu
>>> > https://mailman.mit.edu/mailman/listinfo/kerberos
>>> >
>>>
>>
>>
>>
>> --
>> Todd Grayson
>> Customer Operations Engineering
>>
>>
>


-- 
Todd Grayson
Customer Operations Engineering
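
The mismatch described in this thread (krb5kdc taking its default realm from /etc/krb5.conf while kdc.conf is set up for a different realm) can be checked before the daemon is started. The script below is an added example, not part of the original thread; the function names and sample files are constructed, and "no stanza in kdc.conf" is a heuristic for the mismatch, not krb5kdc's own logic.

```shell
#!/bin/sh
# Added example (not from the thread): preflight check for the realm krb5kdc will serve.

# Print default_realm from the [libdefaults] section of a krb5.conf-style file.
default_realm() {
    awk '/^[ \t]*\[/ { lib = ($0 ~ /\[libdefaults\]/); next }
         lib && /^[ \t]*default_realm[ \t]*=/ {
             sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); print; exit }' "$1"
}

# Print the realm names that have a stanza in the [realms] section of kdc.conf.
kdc_realms() {
    awk '/^[ \t]*\[/ { r = ($0 ~ /\[realms\]/); depth = 0; next }
         r && depth == 0 && /=[ \t]*[{]/ { n = $0; gsub(/^[ \t]+|[ \t]*=.*$/, "", n); print n }
         r { depth += gsub(/[{]/, "{") - gsub(/[}]/, "}") }' "$1"
}

# realm_to_serve KRB5_CONF KDC_CONF [OVERRIDE]: print the realm krb5kdc would use
# (OVERRIDE models KRB5REALM from the thread) and return 1 if kdc.conf lacks it.
realm_to_serve() {
    realm=${3:-$(default_realm "$1")}
    printf '%s\n' "$realm"
    kdc_realms "$2" | grep -qxF -- "$realm"
}

# Constructed sample files mirroring the thread: client of REALMA.COM, KDC for REALMB.COM.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/krb5.conf" <<'EOF'
[libdefaults]
    default_realm = REALMA.COM
EOF
cat > "$tmp/kdc.conf" <<'EOF'
[kdcdefaults]
    kdc_ports = 88
[realms]
    REALMB.COM = {
        max_life = 12h 0m 0s
    }
EOF

if r=$(realm_to_serve "$tmp/krb5.conf" "$tmp/kdc.conf"); then
    echo "ok: krb5kdc would serve $r"
else
    echo "mismatch: default realm $r has no stanza in kdc.conf; set KRB5REALM"
fi
```

Passing `REALMB.COM` as the third argument to `realm_to_serve` models the `KRB5REALM=REALMB` workaround from the quoted message and makes the check succeed.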
