> So, in /etc/krb5.conf you should have this:
>
> [hdb]
> db-dir = /var/heimdal
>
> (or wherever you put your HDB)

Sure, and then it gets more and more confusing. I now start the
kdc and the kadmin with -c /etc/krb5.conf and have a symlink
in /var/heimdal/kdc.conf pointing to /etc/krb5.conf.

# /usr/heimdal-7.1.0/libexec/kdc -c /etc/krb5.conf&
[1] 80459
# /usr/heimdal-7.1.0/bin/kadmin -l -c /etc/krb5.conf
kadmin> get *
kadmin: opening database: dbm_open(/var/heimdal/heimdal): No such file or
directory
kadmin: kadm5_get_principals: dbm_open(/var/heimdal/heimdal): No such file or
directory
kadmin> init TEST.PDC.KTH.SE
kadmin: hdb_open: hdb_open: failed initialize database /var/heimdal/heimdal
kadmin>

So kadmin is sure doing the wrong thing here.

# cat /etc/krb5.conf
[hdb]
db-dir = /var/heimdal
dbname = sqlite:/var/heimdal/mydb.sqlite
[kdc]
database = {
dbname = sqlite:/var/heimdal/mydb.sqlite
realm = TEST.PDC.KTH.SE
}
require_preauth = true
enable-http = true
tgt-use-strongest-session-key = true
svc-use-strongest-session-key = true
preauth-use-strongest-session-key = true
use-strongest-server-key = true
kdc_warn_pwexpire = 1w
[logging]
kdc = 0-/FILE:/var/heimdal/kdc.log
kdc = 0-/SYSLOG:INFO:USER
default = 0-/FILE:/var/log/heimdal.log

Then I get the following logging from the kdc startup:

2016-12-28T13:57:20 label: default
2016-12-28T13:57:20 dbname: sqlite:/var/heimdal/mydb.sqlite
2016-12-28T13:57:20 mkey_file: sqlite:/var/heimdal/mydb.mkey
2016-12-28T13:57:20 acl_file: /var/heimdal/kadmind.acl

So the problem seems to be that I cannot convince kadmin to open the
same database because I don't know what to write in the krb5.conf
to make that happen. I can verify with ktrace that /etc/krb5.conf
(see above) actually is read, but then what logic is applied when
parsing - I have not found out how to follow that.

Harald.