On Thu, 17 Sep 2015, Andreas Tille wrote: > Package: krb5-user > Severity: wishlist > > Hi, > > if I call kadmin after adding those parameters to /etc/krb5.conf that > should be sufficient to my understanding I get: > > > kadmin -p admin/admin > Authenticating as principal admin/admin with password. > kadmin: Missing parameters in krb5.conf required for kadmin client while > initializing kadmin interface > > > It would really help if kadmin would tell the user *what* parameters are > missing to simplify providing this parameter.
I agree, and I thought that I had asked about this with upstream before, but I can't find a record of it, so maybe I did not actually ask. In any case, I remember getting an answer that by the time the error was propagated up the stack to where an error could be printed, knowledge of the actual missing piece(s) of configuration information was lost. Perhaps it would be possible to add tracepoints for KRB5_TRACE, though -- I'll check with upstream. In any case, the pieces of information needed are the realm, the hostname of the kadmin server, and the port if non-default. If you are interested in debugging your specific case (as opposed to just requesting the additional diagnostic), is there a hang before the error is printed? Can you supply the krb5.conf (and kdc.conf, if applicable) from the system in question? -Ben Kaduk
