Bug#777579: krb5-admin-server: kadmind reports Insufficient access to lock database

2015-02-17 Thread Sam Hartman
control: tags -1 moreinfo I took the following steps: 1) create a new sid chroot. 2) apt-get update 3) apt-get install krb5-user As part of 3 krb5-config got installed and because of my DNS I was prompted to configure my krb5.conf. I entered the realm I was going to create (EXAMPLE.COM) but

Bug#777579: krb5-admin-server: kadmind reports Insufficient access to lock database

2015-02-12 Thread Erik Haller
None. On Wed, Feb 11, 2015 at 11:19 AM, Sam Hartman hartm...@debian.org wrote: Do you see any differences in /etc/krb5.conf or /etc/krb5kdc/kdc.conf in the successful vs unsuccessful situations?

Bug#777579: krb5-admin-server: kadmind reports Insufficient access to lock database

2015-02-11 Thread Sam Hartman
Do you see any differences in /etc/krb5.conf or /etc/krb5kdc/kdc.conf in the successful vs unsuccessful situations? -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#777579: krb5-admin-server: kadmind reports Insufficient access to lock database

2015-02-11 Thread Erik Haller
Ben is correct. Installing krb5-{admin-server,kdc} in jessie will install the database in /var/lib by default when no krb5-user package exists. However, I was able to reproduce the problem of a database being installed under /etc/krb5kdc three times in a row when the krb5-user package was

Bug#777579: Fwd: Bug#777579: krb5-admin-server: kadmind reports Insufficient access to lock database

2015-02-10 Thread Sam Hartman
Is your realm actually called EXAMPLE.COM? my guess is that somehow the realm in kdc.conf was incorrect and so that stanza is not being used.

Bug#777579: Fwd: Bug#777579: krb5-admin-server: kadmind reports Insufficient access to lock database

2015-02-10 Thread Benjamin Kaduk
On Tue, 10 Feb 2015, Erik Haller wrote: What is telling kadmind to use the /etc/krb5kdc directory? configure script? Because the /etc/krb5kdc/kdc.conf points - /var/lib and it runs just fine with the databases under /etc. Hmm,

Bug#777579: Fwd: Bug#777579: krb5-admin-server: kadmind reports Insufficient access to lock database

2015-02-10 Thread Sam Hartman
Erik == Erik Haller erik.hal...@gmail.com writes: Erik What is telling kadmind to use the /etc/krb5kdc directory? Erik configure script? Because the /etc/krb5kdc/kdc.conf points - Erik /var/lib and it runs just fine with the databases under Erik /etc. That's the big

Bug#777579: Fwd: Bug#777579: krb5-admin-server: kadmind reports Insufficient access to lock database

2015-02-10 Thread Sam Hartman
Yeah, but the config file should override that.

Bug#777579: Fwd: Bug#777579: krb5-admin-server: kadmind reports Insufficient access to lock database

2015-02-10 Thread Sam Hartman
No, I cannot reproduce.

Bug#777579: Fwd: Bug#777579: krb5-admin-server: kadmind reports Insufficient access to lock database

2015-02-10 Thread Erik Haller
What conf file is krb5_newrealm using? Message #40 shows it pointing to /var/lib/ What is the long term goal here? Which files need to reside under /etc/krb5kdc? Just the principal database, lock file? What about the kadm5.acl and stash file? Are these variable enough to also reside

Bug#777579: Fwd: Bug#777579: krb5-admin-server: kadmind reports Insufficient access to lock database

2015-02-10 Thread Sam Hartman
OK, so the default_realm in /etc/krb5.conf matches the realm in kdc.conf and yet the kdc is not using /var/lib/krb5kdc. Ben, any thoughts here?

Bug#777579: Fwd: Bug#777579: krb5-admin-server: kadmind reports Insufficient access to lock database

2015-02-10 Thread Erik Haller
What is telling kadmind to use the /etc/krb5kdc directory? configure script? Because the /etc/krb5kdc/kdc.conf points - /var/lib and it runs just fine with the databases under /etc. On 2/10/15 12:36 PM, Sam Hartman wrote: The database (principal and principal.*) live under /var/lib. The

Bug#777579: Fwd: Bug#777579: krb5-admin-server: kadmind reports Insufficient access to lock database

2015-02-10 Thread Erik Haller
No. I replaced the realm for the report. On 2/10/15 9:38 AM, Sam Hartman wrote: Is your realm actually called EXAMPLE.COM? my guess is that somehow the realm in kdc.conf was incorrect and so that stanza is not being used.

Bug#777579: Fwd: Bug#777579: krb5-admin-server: kadmind reports Insufficient access to lock database

2015-02-10 Thread Erik Haller
Yes. The default realm is not EXAMPLE.COM. The krb5_newrealm shows the problem. It's using /etc. I have the .bash_history as root. I can give you the exact commands used to install kdc/krb5-admin-server. But if you run krb5_newrealm on your server right now, it should reproduce /etc as the

Bug#777579: Fwd: Bug#777579: krb5-admin-server: kadmind reports Insufficient access to lock database

2015-02-10 Thread Sam Hartman
The database (principal and principal.*) live under /var/lib. The ACL and stash file live in /etc/krb5kdc.

Bug#777579: Fwd: Bug#777579: krb5-admin-server: kadmind reports Insufficient access to lock database

2015-02-10 Thread Benjamin Kaduk
On Tue, 10 Feb 2015, Sam Hartman wrote: Ben, any thoughts here? I did some testing, and the krb5_newrealm in jessie produces my database in /var/lib by default. However, as Sam noted, if there is existing configuration in krb5.conf or kdc.conf, that can cause different paths to be used.

Bug#777579: krb5-admin-server: kadmind reports Insufficient access to lock database

2015-02-09 Thread Erik
Package: krb5-admin-server Version: 1.12.1+dfsg-16 Severity: important Tags: patch The systemd krb5-admin-server.service file is missing the critical directory /etc/krb5kdc used by kadmind in the ReadWriteDirectories stanza. The Kerberos default database location is created under /etc/krb5kdc.

Bug#777579: Fwd: Bug#777579: krb5-admin-server: kadmind reports Insufficient access to lock database

2015-02-09 Thread Russ Allbery
Erik Haller erik.hal...@gmail.com writes: Incidentally, the output from krb5_newrealm (latest version) shows: root@lime:t# krb5_newrealm This script should be run on the master KDC/admin server to initialize a Kerberos realm. It will ask you to type in a master key password. This password

Bug#777579: Fwd: Bug#777579: krb5-admin-server: kadmind reports Insufficient access to lock database

2015-02-09 Thread Erik Haller
The database was created fresh with krb5_newrealm in an lxc container. No Kerberos KDC existed previously. I did not configure the database location differently. This was my first Kerberos installation. On Mon, Feb 9, 2015 at 9:52 PM, Russ Allbery r...@debian.org wrote: Erik Haller

Bug#777579: krb5-admin-server: kadmind reports Insufficient access to lock database

2015-02-09 Thread Russ Allbery
Erik erik.hal...@gmail.com writes: The systemd krb5-admin-server.service file is missing the critical directory /etc/krb5kdc used by kadmind in the ReadWriteDirectories stanza. The Kerberos default database location is created under /etc/krb5kdc. Er, it certainly shouldn't be. The

Bug#777579: Fwd: Bug#777579: krb5-admin-server: kadmind reports Insufficient access to lock database

2015-02-09 Thread Russ Allbery
Erik Haller erik.hal...@gmail.com writes: Yes. These files reside under /etc/krb5kdc: principal principal.kadm5 principal.kadm5.lock principal.ok kdc.conf .k5.EXAMPLE.COM Hm. When was this KDC created / initialized? (In other words, was it just now set up fresh, or is this an existing

Bug#777579: Fwd: Bug#777579: krb5-admin-server: kadmind reports Insufficient access to lock database

2015-02-09 Thread Erik Haller
I set up Kerberos a few months ago. My .bash_history file shows it was installed with apt-get install krb5-admin-server The version of krb5-admin-server was 1.12.1+dfsg-1 according to /var/log/apt.history. I then installed krb5-kdc, dpkg-reconfigure -plow krb5-kdc, and then configured with

Bug#777579: Fwd: Bug#777579: krb5-admin-server: kadmind reports Insufficient access to lock database

2015-02-09 Thread Erik Haller
/etc/krb5kdc/kdc.conf:

    [kdcdefaults]
        kdc_ports = 750,88

    [realms]
        EXAMPLE.COM = {
            database_name = /var/lib/krb5kdc/principal
            admin_keytab = FILE:/etc/krb5kdc/kadm5.keytab
            acl_file = /etc/krb5kdc/kadm5.acl
            key_stash_file = /etc/krb5kdc/stash

Bug#777579: Fwd: Bug#777579: krb5-admin-server: kadmind reports Insufficient access to lock database

2015-02-09 Thread Erik Haller
-- Forwarded message -- From: Erik Haller erik.hal...@gmail.com Date: Mon, Feb 9, 2015 at 9:42 PM Subject: Re: Bug#777579: krb5-admin-server: kadmind reports Insufficient access to lock database To: Russ Allbery r...@debian.org Yes. These files reside under /etc/krb5kdc