I've done a manual interactive install `sudo apt install krb5-config` and dumped the config values like so
printf '\ec'; sudo debconf-get-selections | grep -i krb5-config Notibly, the `krb5-config/kerberos_servers` and `krb5-config/admin_server` are both empty strings from debconf-get-selections, that seems incorrect to me. Anyway, i correct the blank entries and prepended each like with `d-i ` and plopped it into my preseed file like so, krb5-config inherited by the libpam-krb5 package dependency chain. # ... d-i pkgsel/include string [...] libpam-krb5 libpam-ccreds d-i pkgsel/upgrade select full-upgrade # Auth d-i krb5-config/add_servers_realm string KDC.EXAMPLE.ORG d-i krb5-config/add_servers boolean true d-i krb5-config/read_conf boolean true d-i krb5-config/kerberos_servers string example d-i krb5-config/admin_server string example d-i krb5-config/default_realm string KDC.EXAMPLE.ORG # ... where `example` resolves to my primary kdc and admin server. In this case I've tried with `krb5-config/read_conf` set to `true` and `false`. Both cases the resulting installation's `/etc/krb5.conf` has the default_realm populated correctly, but the custom ream has not been added. It was my understanding that supply debconf values ahead of time would behave exactly like supplying them when prompted interactively. This appears to be inconsistent. This bug thread is the closest thing I've found to a lead; while I could handle the realm addition as a postinstall rind replace It seems like there is indeed a bug in how krb5-config determines if it should add a realm, I assumed krb5-config krb5-config/add_servers boolean true is pretty darn clear that server should be added and under the ream declared for this purpose krb5-config krb5-config/add_servers_realm string KDC.EXAMPLE.ORG If nothing else it should be a bug that debconf's selections don't remember user provided values, and that declaring theses values can be ignored in a matter unlike the interactive prompt. I took a peak at the `kerberos-configs-2.3/krb5-config.in` script, admittedly I don't speak perl. I see a lot of confusing logic operations, guessing a domain appears to be the primary operation. And the literal realm addition seem to be held behind a cascade of confusing-to-me subroutines, and I'm not really sure how to approach debugging this script. As an uniformed observer trying to use the software I suggest considering an explicit "add the thing" debconf key boolean key, and an explciit "dont guess" boolean key so we can deploy realm membership automatically # For example, I feel were missing something like this: krb5-config krb5-config/add_realm boolean true krb5-config krb5-config/attempt_guess boolean false Although this is still a confusing interface to me as now there are multiple "please add the thing" keys that must be true for the thing to be added, there should be one and only one obvious way to get your realm added to the config with native machinery; I dont know, is there a good way to respect the `krb5-config/add_servers` key? Maybe an "attempt_guess boolean false" would be enough? I'm really not sure how to proceed. Is this a bug that can get fixed or do I need to develop a workaround and not use the Debian packaging tooling that I'm so fond of. Thank you for all your great work <3