Hello all, I'm trying to replicate my Ubuntu kerberos servers in FreeBSD 11.2 as I move things from AWS to Digital Ocean. I'm using 1.16 in both places, but on FreeBSD the programmes do not seem to honour the database_name field in kdc.conf. Not in the [realms] section, nor in the [dbmodules] section.

Using kdb5_util will create the database files in the proper spot if you use the -d option, but when one tries to use kadmin.local, or start the kadmind server, they complain about the database not being found in the default location (/usr.local.var/krb5kdc). I need this feature because I run multiple realms.

Has anybody gotten this to work on FreeBSD?

Thanks in advance.

My /usr/local/etc/krb5kdc/kdc.conf:

[kdcdefaults]
    kdc_ports = 750,88
    default_realm = CORY.ALBRECHT.NAME
    allow_weak_crypto = true
    ticket_lifetime = 7d 0h 0m 0s
    renew_lifetime = 60d 0h 0m 0s

[realms]
    HANFASTOLFE.COM = {
        database_name = /usr/local/var/krb5kdc/hanfastolfe.com/principal
        admin_keytab = FILE:/usr/local/etc/krb5kdc/hanfastolfe.com/kadm5.keytab
        acl_file = /usr/local/etc/krb5kdc/hanfastolfe.com/kadm5.acl
        key_stash_file = /usr/local/etc/krb5kdc/hanfastolfe.com/stash
        admin_server = authns1.do.hanfastolfe.com
        master_kdc = authns1.do.hanfastolfe.com
        kdc = authns1.do.hanfastolfe.com
        default_domain = hanfastolfe.com
        kdc_ports = 750,88
        max_life = 60d 0h 0m 0s
        max_renewable_life = 60d 0h 0m 0s
        master_key_type = des3-hmac-sha1
        #supported_enctypes = aes256-cts:normal aes128-cts:normal
        default_principal_flags = +preauth
    }
    CORY.ALBRECHT.NAME = {
        database_name = /usr/local/var/krb5kdc/cory.albrecht.name/principal
        admin_keytab = FILE:/usr/local/etc/krb5kdc/cory.albrecht.name/kadm5.keytab
        acl_file = /usr/local/etc/krb5kdc/cory.albrecht.name/kadm5.acl
        key_stash_file = /usr/local/etc/krb5kdc/cory.albrecht.name/stash
        admin_server = authns1.do.hanfastolfe.com
        master_kdc = authns1.do.hanfastolfe.com
        kdc = authns1.do.hanfastolfe.com
        kdc_ports = 750,88
        max_life = 10h 0m 0s
        max_renewable_life = 7d 0h 0m 0s
        master_key_type = des3-hmac-sha1
        #supported_enctypes = aes256-cts:normal aes128-cts:normal
        default_principal_flags = +preauth
    }

[logging]
    default = FILE:/var/log/krb5/krb5.log
    kdc = FILE:/var/log/krb5/kdc.log
    admin_server = FILE:/var/log/krb5/kadmin.log

[dbmodules]
    HANFASTOLFE.COM = {
        database_name = /usr/local/var/krb5kdc/hanfastolfe.com/principal
        db_library = db2
    }
    CORY.ALBRECHT.NAME = {
        database_name = /usr/local/var/krb5kdc/cory.albrecht.name/principal
        db_library = db2
    }

________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
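
Added example (not part of the original post and not MIT krb5 code): a small Python parser for the kdc.conf layout shown above that reports, per realm, which [dbmodules] section and database_name apply. It follows the documented MIT rules that database_module defaults to the realm name and that a [dbmodules] database_name takes precedence over the deprecated [realms] one. The sample text is constructed, and the module name cory_db in it is hypothetical.

```python
import re

# Constructed sample: trimmed two-realm layout; "cory_db" is a hypothetical name.
SAMPLE = """\
[realms]
HANFASTOLFE.COM = {
    database_name = /usr/local/var/krb5kdc/hanfastolfe.com/principal
}
CORY.ALBRECHT.NAME = {
    database_name = /usr/local/var/krb5kdc/cory.albrecht.name/principal
    database_module = cory_db
}
[dbmodules]
HANFASTOLFE.COM = {
    database_name = /usr/local/var/krb5kdc/hanfastolfe.com/principal
}
"""

def parse_profile(text):
    """Parse [section] / name = { key = value } blocks into nested dicts."""
    sections, section, block = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if m := re.fullmatch(r"\[(\w+)\]", line):
            section, block = sections.setdefault(m.group(1), {}), None
        elif line == "}":
            block = None
        elif section is not None and "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            if value == "{":
                block = section.setdefault(key, {})
            else:
                (block if block is not None else section)[key] = value
    return sections

def effective_db(profile):
    """Per realm: (dbmodules section name, database path, source of the path)."""
    out = {}
    for realm, rel in profile.get("realms", {}).items():
        module = rel.get("database_module", realm)  # default is the realm name
        mod = profile.get("dbmodules", {}).get(module, {})
        if "database_name" in mod:  # [dbmodules] wins over deprecated [realms]
            out[realm] = (module, mod["database_name"], "dbmodules")
        elif "database_name" in rel:
            out[realm] = (module, rel["database_name"], "realms")
        else:
            out[realm] = (module, None, "built-in default")
    return out
```

Running effective_db(parse_profile(open(path).read())) against the kdc.conf the daemons actually load shows whether each realm resolves to its own database path or falls through to the built-in default.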