Problem solved, with slight concern. Apparently, the kerberos daemons read both /etc/krb5.conf and /usr/local/krb5/etc/krb5.conf. I always assumed one would take precedence over the other. On our KDC, /etc/krb5.conf was a link to /usr/local/krb5/etc/krb5.conf. After making /etc/krb5.conf a real file and removing /usr/local/krb5/etc/krb5.conf, we are now getting the correct logs (instead of doubled).
I'm not extremely familiar with the kerberos source tree yet, but it seems that profile_init (util/profile/prof_init.c) reads through every krb5.conf file in the DEFAULT_PROFILE_PATH (include/krb5/stock/osconf.h). What bothers me is that seeing the same [logging] section twice caused kerberos to log twice instead of overriding the settings it read from the first file. How can the default logging mechanism be set twice? Why is this even possible? What other problems could be caused by dual krb5.conf files? -Mike > A few months back we migrated our KDC over from HPUX to RedHat Linux 8.0. > Ever since the migration our krb5 daemons have been writing every message > to the log twice. > > We are using syslog for logging with this entry in krb5.conf: > > [logging] > default = SYSLOG:INFO:LOCAL6 > > And this entry in syslog.conf: > > local6.info /var/log/krb5.log > > I've only been able to find one reference for another person having a > similar problem from 6-7-2002, I've included that at the end of my > message. Anyone have any ideas? > > Thanks, > Mike > > > ----------------------------------------------- > Mike Dopheide [EMAIL PROTECTED] > Research Programmer 217-244-0299 > National Center for Supercomputing Applications > > > Previous post regarding same issue: > > From: Leonard J. Peirce ([EMAIL PROTECTED]) > Subject: Double log entries for V5 1.2.4 on Solaris 8 > This is the only article in this thread > View: Original Format > Newsgroups: comp.protocols.kerberos > Date: 2002-06-07 13:04:56 PST > > In our kdc and kadmin logs we're seeing exactly two copies of every > message > that gets logged. This has been happening for a while (I think back to > 1.2.2) > and while it doesn't really hurt anything it is getting annoying. Did we > do > something wrong when we built/configured things? This happens both with > FILE and SYSLOG. > > BTW, in case anyone is interested we did finally recover from the database > corruption problem that I posted about back in March. Many thanks to > Ken Raeburn for his helpful advice and patience. > > -- > Leonard J. Peirce Email: [EMAIL PROTECTED] > UNIX System Administrator > Western Michigan University > Office of Information Technology > Kalamazoo, MI 49008 Phone: (616) 387-5430 > > ________________________________________________ > Kerberos mailing list [EMAIL PROTECTED] > https://mailman.mit.edu/mailman/listinfo/kerberos > -- ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
