On Thu, 2011-06-16 at 04:53 -0400, Frank Dornheim wrote: > * Is the kdc.conf obsolete? > * Which config is the winner by a misconfiguration? > ' Which parts had to be in both configs (not the specific points - > the topics)?
Prior to krb5 1.6, each setting had to be put in the correct file (krb5.conf or kdc.conf). Since krb5 1.6, the way it works is now more flexible: * Client programs only read krb5.conf. * KDC-related programs read kdc.conf and then krb5.conf. As for which file wins, this is sort of a complicated question since profile variables can be multiply defined. Generally I think kdc.conf wins, because calling code tends to look at the first defined value of a profile variable. I'm not sure why mistakes in your kdc.conf didn't affect the operation of your setup. It is never strictly necessary to use a kdc.conf file. You might still want to do so in order that krb5.conf on your KDC can be the same as it is on client machines, instead of containing a merge of client and KDC settings. ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
