> So, in /etc/krb5.conf you should have this:
> [hdb]
>     db-dir = /var/heimdal
> (or wherever you put your HDB)

Sure, and then it gets more and more confusing. I now start the
kdc and the kadmin with -c /etc/krb5.conf and have a symlink
in /var/heimdal/kdc.conf pointing to /etc/krb5.conf.

# /usr/heimdal-7.1.0/libexec/kdc  -c /etc/krb5.conf&
[1] 80459
# /usr/heimdal-7.1.0/bin/kadmin -l -c /etc/krb5.conf
kadmin> get *
kadmin: opening database: dbm_open(/var/heimdal/heimdal): No such file or 
kadmin: kadm5_get_principals: dbm_open(/var/heimdal/heimdal): No such file or 
kadmin> init TEST.PDC.KTH.SE
kadmin: hdb_open: hdb_open: failed initialize database /var/heimdal/heimdal

So kadmin is sure doing the wrong thing here 

# cat /etc/krb5.conf
  db-dir = /var/heimdal
  dbname = sqlite:/var/heimdal/mydb.sqlite
 database = {
    dbname = sqlite:/var/heimdal/mydb.sqlite
    realm = TEST.PDC.KTH.SE
 require_preauth = true
 enable-http = true
 tgt-use-strongest-session-key = true
 svc-use-strongest-session-key = true
 preauth-use-strongest-session-key = true
 use-strongest-server-key = true
 kdc_warn_pwexpire = 1w
 kdc = 0-/FILE:/var/heimdal/kdc.log
 default = 0-/FILE:/var/log/heimdal.log

Then I get the following logging from the kdc startup:

2016-12-28T13:57:20 label: default
2016-12-28T13:57:20     dbname: sqlite:/var/heimdal/mydb.sqlite
2016-12-28T13:57:20     mkey_file: sqlite:/var/heimdal/mydb.mkey
2016-12-28T13:57:20     acl_file: /var/heimdal/kadmind.acl

So the problem seems to be that I can not convince kadmin to open the
same database because I don't know what to write in the krb5.conf
to make that happen. I can verify with ktrace that /etc/krb5.conf
(see above) actually is read but then what logic is applied when
parsing - I have not found out how to follow that.


Reply via email to