[39503] in Kerberos
logging stanza in krb5.conf?
daemon@ATHENA.MIT.EDU (Dan Mahoney)
Wed Apr 16 23:41:23 2025
From: Dan Mahoney <danm@prime.gushi.org>
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3826.500.181.1.5\))
Message-Id: <C7C12A04-5FB8-4619-AF28-A73E731733C5@prime.gushi.org>
Date: Wed, 16 Apr 2025 20:40:45 -0700
To: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
All,
Maybe this is a docbug, but we had the following stanza in our krb5.conf, on our KDC's running MIT krb5 1.21.3 (FreeBSD pkg).
[logging]
kdc = FILE:/var/log/krb5kdc
admin_server = FILE:/var/log/kadmin
default = FILE:/var/log/krb5
And I recently discovered that the krb5kdc process wasn't reading/honoring those files, unless the statements were in kdc.conf.
In the documentation for krb5-devel (https://web.mit.edu/kerberos/krb5-devel/doc/admin/conf_files/krb5_conf.html#krb5-conf-5) krb5.conf doesn't have [logging] listed as a possible config section, but an older version (https://web.mit.edu/kerberos/krb5-1.4/krb5-1.4.1/doc/krb5-admin/krb5.conf.html#krb5.conf) does list that section. So clearly kdc.conf is the right place, and I'm updating our configs, since logging seems to do nothing in krb5.conf.
Can someone say when this changed? I don't see mention of it in the changelog.
-Dan
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
