Interesting, yeah I think you self resolved with what you did with KRB5REALM.
On Fri, Apr 24, 2015 at 4:13 PM, Ben H <bhen...@gmail.com> wrote: > Not exactly, though the answer to that use case might be the same. > > My use case is that my system was (is) a client of REALMA.COM. > Now, I want to run a KDC on this same system to serve out REALMB.COM > > So, I can't change my /etc/krb5.conf file or else I would loose access to > REALMA.COM > > I configure my kdc.conf file for REALMB, but when I start up krb5kdc I > get: > > Starting Kerberos 5 KDC: krb5kdc: cannot initialize realm REALMA.COM - > see log file for details > > I can get it working by doing two things: > 1) modify my krb5.conf file for REALMB instead - if I do this, then my > client functionality to REALMA breaks > 2) Set KRB5REALM=REALMB in /etc/sysconfig/krb5kdc > > #2 is working for me, and is maybe the correct answer to this question. > I was just surprised that the krb5kdc service would look to read data > from krb5.conf instead of kdc.conf and, if it needs to do so, I would > expect there is a better way to tell it to use an alternate file. > > I realize this isn't a common use scenario. > > > > On Fri, Apr 24, 2015 at 4:07 PM, Todd Grayson <tgray...@cloudera.com> > wrote: > >> Are you trying to run multiple realms (and db's) on the same KDC? >> >> On Fri, Apr 24, 2015 at 2:59 PM, Ben H <bhen...@gmail.com> wrote: >> >>> Sorry, I did mean kdc.conf - and on my implementation it is >>> in /var/kerberos/krb5kdc. >>> >>> I do understand: >>> kdc.conf = server config >>> krb5.conf = client config >>> >>> But apparently when krb5kdc starts it also queries some data from >>> /etc/krb5.conf (the default realm at least). >>> >>> I want it to look to a location other than /etc/krb5.conf for realm >>> information (or anything else it might need from that file). >>> >>> thanks! >>> >>> >>> On Fri, Apr 24, 2015 at 2:55 PM, Brandon Allbery < >>> ballb...@sinenomine.net> >>> wrote: >>> >>> > On Fri, 2015-04-24 at 14:44 -0500, Ben H wrote: >>> > > Some searching I did indicated the possible existence of a "profile" >>> > > directive in kdc5.conf to point to a different krb5.conf, but that >>> > > didn't >>> > > seem to work. >>> > >>> > It's just kdc.conf (not kdc5.conf) and it's usually kept in the KDC >>> > private directory (/var/krb5kdc is common). >>> > >>> > -- >>> > brandon s allbery kf8nh sine nomine >>> associates >>> > allber...@gmail.com >>> ballb...@sinenomine.net >>> > unix openafs kerberos infrastructure xmonad >>> http://sinenomine.net >>> > >>> > ________________________________________________ >>> > Kerberos mailing list Kerberos@mit.edu >>> > https://mailman.mit.edu/mailman/listinfo/kerberos >>> > >>> ________________________________________________ >>> Kerberos mailing list Kerberos@mit.edu >>> https://mailman.mit.edu/mailman/listinfo/kerberos >>> >> >> >> >> -- >> Todd Grayson >> Customer Operations Engineering >> >> > -- Todd Grayson Customer Operations Engineering ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
