[2964] in Kerberos


default realm in Kerberos V kadmind

daemon@ATHENA.MIT.EDU (Joanne Perra)
Thu Jan 6 12:09:58 1994

Date: Thu, 6 Jan 94 08:54:44 PST
From: perra@lorien.ocf.llnl.gov (Joanne Perra)
To: kerberos@MIT.EDU
Cc: whrahe@sandia.gov, gmachin@somnet.sandia.gov, athey@lorien.ocf.llnl.gov



I am using the -r option when launching kadmind to specify the realm name
so it will override the default realm in the krb.conf file like 
this: 

   kadmind -r TEST.LLNL.GOV

In the file adm_server.c, in init_db(), the ticket-granting service name is 
assembled using the string "krbtgt" and "/" and the masterkey's realm data, 
which is "TEST.LLNL.GOV".

The ticket-granting service name is therefore "krbtgt/TEST.LLNL.GOV".
This name is then parsed with krb5_parse_name and no realm is found 
because there is no "@" or anything else after it.

Next, it calls krb5_get_default_realm to get a realm from the krb.conf file
(which is what I was trying to avoid with the "-r" option)
and tacks it onto the name of the server to create:

   krbtgt/TEST.LLNL.GOV@LC.LLNL.GOV

This server is of course not found in the database and the error message:
"kadmind: Server not found in Kerberos database while initializing database"
is displayed.

Does anyone know if there is any reason for this behavior? I would like to know
before I modify kadmind to use the realm given in the -r option for both the
ticket construction and the realm name (the one after the @).

Thanks.

Joanne Perra
perra1@llnl.gov
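
The behaviour described in the message above, as an added example that is not part of the original post and not MIT Kerberos source: a simplified model of name parsing that falls back to a default realm when the name has no "@", next to a TGS name built with the realm stated explicitly. The helpers model_parse_name, build_tgs_name and resolved_realm are hypothetical; the realm names are the ones quoted in the post.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model of principal-name parsing (hypothetical helper, not
 * krb5_parse_name): split at the first unescaped '@'; if there is none,
 * use default_realm, which stands in for the krb.conf default. */
static int model_parse_name(const char *in, const char *default_realm,
                            char *name, size_t nlen, char *realm, size_t rlen)
{
    const char *at = NULL;
    for (const char *p = in; *p; p++) {
        if (*p == '\\' && p[1]) { p++; continue; }  /* skip quoted char */
        if (*p == '@') { at = p; break; }
    }
    size_t n = at ? (size_t)(at - in) : strlen(in);
    const char *r = at ? at + 1 : default_realm;
    if (n >= nlen || strlen(r) >= rlen) return -1;  /* would not fit */
    memcpy(name, in, n); name[n] = '\0';
    strcpy(realm, r);
    return 0;
}

/* Build the TGS name with the realm stated explicitly, so that parsing
 * never consults the default realm. Returns -1 if out is too small. */
static int build_tgs_name(const char *realm, char *out, size_t outlen)
{
    int n = snprintf(out, outlen, "krbtgt/%s@%s", realm, realm);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* Returns the realm a name ends up in after parsing, or NULL on error. */
static const char *resolved_realm(const char *in, const char *default_realm)
{
    static char name[256], realm[256];
    if (model_parse_name(in, default_realm, name, sizeof name, realm, sizeof realm))
        return NULL;
    return realm;
}

int main(void)
{
    char tgs[256];
    /* Values from the post: the -r realm and the krb.conf default realm. */
    const char *opt_realm = "TEST.LLNL.GOV", *conf_realm = "LC.LLNL.GOV";
    printf("unqualified: %s\n", resolved_realm("krbtgt/TEST.LLNL.GOV", conf_realm));
    if (build_tgs_name(opt_realm, tgs, sizeof tgs) == 0)
        printf("qualified:   %s -> %s\n", tgs, resolved_realm(tgs, conf_realm));
    return 0;
}
```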
