[36931] in Kerberos
Re: specifying an alternate realm/krb5.conf configuration for
daemon@ATHENA.MIT.EDU (Greg Hudson)
Fri Apr 24 18:45:46 2015
Message-ID: <553AC78A.7080306@mit.edu>
Date: Fri, 24 Apr 2015 18:45:30 -0400
From: Greg Hudson <ghudson@mit.edu>
MIME-Version: 1.0
To: Ben H <bhendin@gmail.com>, kerberos@mit.edu
In-Reply-To: <CAAd7aubTkeqHRU0U=dVSfHp0qbrqn4=WjW66u1vx6_OgYRWgdw@mail.gmail.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On 04/24/2015 03:44 PM, Ben H wrote:
> From a client perspective, if I want to switch to using a different
> krb5.conf file, I just use:
>
> export KRB5_CONFIG=/etc/alternate-krb5.conf
>
> But the server will always try to use /etc/krb5.conf
The expected behavior is:
* Every process uses $KRB5_CONFIG, defaulting to /etc/krb5.conf.
* KDC-ish processes (krb5kdc, kadmind, kdb5_util, etc.) also use
$KRB5_KDC_PROFILE, defaulting to something like /var/krb5kdc/kdc.conf.
If both files exist, the contents are merged, with the values from
krb5.conf usually taking precedence (but we're not 100% consistent about
that).
krb5kdc accepts a -r flag telling it what realm(s) to serve, so you may
not need to point it at a config file giving a different default_realm
value.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
