Not exactly, though the answer to that use case might be the same. My use case is that my system was (is) a client of REALMA.COM. Now, I want to run a KDC on this same system to serve out REALMB.COM
So, I can't change my /etc/krb5.conf file or else I would loose access to REALMA.COM I configure my kdc.conf file for REALMB, but when I start up krb5kdc I get: Starting Kerberos 5 KDC: krb5kdc: cannot initialize realm REALMA.COM - see log file for details I can get it working by doing two things: 1) modify my krb5.conf file for REALMB instead - if I do this, then my client functionality to REALMA breaks 2) Set KRB5REALM=REALMB in /etc/sysconfig/krb5kdc #2 is working for me, and is maybe the correct answer to this question. I was just surprised that the krb5kdc service would look to read data from krb5.conf instead of kdc.conf and, if it needs to do so, I would expect there is a better way to tell it to use an alternate file. I realize this isn't a common use scenario. On Fri, Apr 24, 2015 at 4:07 PM, Todd Grayson <tgray...@cloudera.com> wrote: > Are you trying to run multiple realms (and db's) on the same KDC? > > On Fri, Apr 24, 2015 at 2:59 PM, Ben H <bhen...@gmail.com> wrote: > >> Sorry, I did mean kdc.conf - and on my implementation it is >> in /var/kerberos/krb5kdc. >> >> I do understand: >> kdc.conf = server config >> krb5.conf = client config >> >> But apparently when krb5kdc starts it also queries some data from >> /etc/krb5.conf (the default realm at least). >> >> I want it to look to a location other than /etc/krb5.conf for realm >> information (or anything else it might need from that file). >> >> thanks! >> >> >> On Fri, Apr 24, 2015 at 2:55 PM, Brandon Allbery <ballb...@sinenomine.net >> > >> wrote: >> >> > On Fri, 2015-04-24 at 14:44 -0500, Ben H wrote: >> > > Some searching I did indicated the possible existence of a "profile" >> > > directive in kdc5.conf to point to a different krb5.conf, but that >> > > didn't >> > > seem to work. >> > >> > It's just kdc.conf (not kdc5.conf) and it's usually kept in the KDC >> > private directory (/var/krb5kdc is common). >> > >> > -- >> > brandon s allbery kf8nh sine nomine associates >> > allber...@gmail.com >> ballb...@sinenomine.net >> > unix openafs kerberos infrastructure xmonad >> http://sinenomine.net >> > >> > ________________________________________________ >> > Kerberos mailing list Kerberos@mit.edu >> > https://mailman.mit.edu/mailman/listinfo/kerberos >> > >> ________________________________________________ >> Kerberos mailing list Kerberos@mit.edu >> https://mailman.mit.edu/mailman/listinfo/kerberos >> > > > > -- > Todd Grayson > Customer Operations Engineering > > ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
