[33102] in Kerberos
Re: Kerberos+LDAP: kadmin.local and kadmin show different principals
daemon@ATHENA.MIT.EDU (Nick Triantos)
Thu Jan 13 16:31:30 2011
Mime-Version: 1.0 (Apple Message framework v1082)
From: Nick Triantos <nick@triantos.com>
In-Reply-To: <1294897372.2456.439.camel@ray>
Date: Thu, 13 Jan 2011 09:20:55 -0800
Message-Id: <265C6FC9-AA39-4CEB-94E6-B4D0A5D2ABDC@triantos.com>
To: Greg Hudson <ghudson@mit.edu>
Cc: "kerberos@mit.edu" <kerberos@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Thank you so much! That was exactly the problem... I must not have restarted kadmind.
best,
-Nick
On Jan 12, 2011, at 9:42 PM, Greg Hudson wrote:
> On Thu, 2011-01-13 at 00:18 -0500, Nick Triantos wrote:
>> Does kadmin expect different parameters to be set in krb5.conf than
>> kadmin.local would? The man page implies the two behave very
>> similarly.
>
> Is there any possibility that the second search tree was added to
> krb5.conf since kadmind was last started? Put another way, if you
> restart kadmind, does the problem go away?
>
> If that's not it, then it's possible that there's a bug here, but I
> can't imagine off the top of my head what it would look like. There are
> three layers of common libraries between kadmind/kadmin.local and the
> accesses to the LDAP server, and it would be odd for both tools to
> succeed but interpret the same profile settings differently.
>
>
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
