Bug#777579: krb5-admin-server: kadmind reports Insufficient access to lock database

2015-02-17 Thread Sam Hartman
control: tags -1 moreinfo
I took the following steps:
1) create a new sid chroot.
2) apt-get update
3) apt-get install krb5-user
As part of 3 krb5-config got installed and because of my DNS I was prompted to configure my krb5.conf. I entered the realm I was going to create (EXAMPLE.COM) but

Bug#777579: krb5-admin-server: kadmind reports Insufficient access to lock database

2015-02-12 Thread Erik Haller
None.
On Wed, Feb 11, 2015 at 11:19 AM, Sam Hartman wrote:
> Do you see any differences in /etc/krb5.conf or /etc/krb5kdc/kdc.conf in
> the successful vs unsuccessful situations?
>

Bug#777579: krb5-admin-server: kadmind reports Insufficient access to lock database

2015-02-11 Thread Sam Hartman
Do you see any differences in /etc/krb5.conf or /etc/krb5kdc/kdc.conf in the successful vs unsuccessful situations? -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#777579: krb5-admin-server: kadmind reports Insufficient access to lock database

2015-02-11 Thread Erik Haller
Ben is correct. Installing krb5-{admin-server,kdc} in jessie will install the database in /var/lib by default when no krb5-user package exists. However, I was able to reproduce the problem of a database being installed under /etc/krb5kdc three times in a row when the krb5-user package was installed

Bug#777579: Fwd: Bug#777579: krb5-admin-server: kadmind reports Insufficient access to lock database

2015-02-10 Thread Benjamin Kaduk
On Tue, 10 Feb 2015, Sam Hartman wrote:
> Ben, any thoughts here?
I did some testing, and the krb5_newrealm in jessie produces my database in /var/lib by default. However, as Sam noted, if there is existing configuration in krb5.conf or kdc.conf, that can cause different paths to be used. Addi

Bug#777579: Fwd: Bug#777579: krb5-admin-server: kadmind reports Insufficient access to lock database

2015-02-10 Thread Sam Hartman
Yeah, but the config file should override that.

Bug#777579: Fwd: Bug#777579: krb5-admin-server: kadmind reports Insufficient access to lock database

2015-02-10 Thread Sam Hartman
> "Erik" == Erik Haller writes:
Erik> What is telling kadmind to use the /etc/krb5kdc directory?
Erik> configure script? Because the /etc/krb5kdc/kdc.conf points ->
Erik> /var/lib and it runs just fine with the databases under
Erik> /etc.
That's the big question, yes. T

Bug#777579: Fwd: Bug#777579: krb5-admin-server: kadmind reports Insufficient access to lock database

2015-02-10 Thread Benjamin Kaduk
On Tue, 10 Feb 2015, Erik Haller wrote:
> What is telling kadmind to use the /etc/krb5kdc directory? configure script?
> Because the /etc/krb5kdc/kdc.conf points -> /var/lib and it runs just
> fine with the databases under /etc.
Hmm, http://anonscm.debian.org/cgit/pkg-k5-afs/debian-krb5-2013

Bug#777579: Fwd: Bug#777579: krb5-admin-server: kadmind reports Insufficient access to lock database

2015-02-10 Thread Erik Haller
What is telling kadmind to use the /etc/krb5kdc directory? configure script? Because the /etc/krb5kdc/kdc.conf points -> /var/lib and it runs just fine with the databases under /etc.
On 2/10/15 12:36 PM, Sam Hartman wrote:
The database (principal and principal.*) live under /var/lib. The

Bug#777579: Fwd: Bug#777579: krb5-admin-server: kadmind reports Insufficient access to lock database

2015-02-10 Thread Sam Hartman
The database (principal and principal.*) live under /var/lib. The ACL and stash file live in /etc/krb5kdc.

Bug#777579: Fwd: Bug#777579: krb5-admin-server: kadmind reports Insufficient access to lock database

2015-02-10 Thread Erik Haller
What conf file is krb5_newrealm using? Message #40 shows it pointing to /var/lib/. What is the long term goal here? Which files need to reside under /etc/krb5kdc? Just the principal database, lock file? What about the kadm5.acl and stash file? Are these variable enough to also reside under

Bug#777579: Fwd: Bug#777579: krb5-admin-server: kadmind reports Insufficient access to lock database

2015-02-10 Thread Sam Hartman
No, I cannot reproduce.

Bug#777579: Fwd: Bug#777579: krb5-admin-server: kadmind reports Insufficient access to lock database

2015-02-10 Thread Erik Haller
Yes. The default realm is not EXAMPLE.COM. The krb5_newrealm shows the problem. It's using /etc. I have the .bash_history as root. I can give you the exact commands used to install kdc/krb5-admin-server. But if you run krb5_newrealm on your server right now, it should reproduce /etc as the

Bug#777579: Fwd: Bug#777579: krb5-admin-server: kadmind reports Insufficient access to lock database

2015-02-10 Thread Sam Hartman
OK, so the default_realm in /etc/krb5.conf matches the realm in kdc.conf and yet the kdc is not using /var/lib/krb5kdc. Ben, any thoughts here?

Bug#777579: Fwd: Bug#777579: krb5-admin-server: kadmind reports Insufficient access to lock database

2015-02-10 Thread Erik Haller
No. I replaced the realm for the report.
On 2/10/15 9:38 AM, Sam Hartman wrote:
Is your realm actually called EXAMPLE.COM? My guess is that somehow the realm in kdc.conf was incorrect and so that stanza is not being used.

Bug#777579: Fwd: Bug#777579: krb5-admin-server: kadmind reports Insufficient access to lock database

2015-02-10 Thread Sam Hartman
Is your realm actually called EXAMPLE.COM? My guess is that somehow the realm in kdc.conf was incorrect and so that stanza is not being used.

Bug#777579: Fwd: Bug#777579: krb5-admin-server: kadmind reports Insufficient access to lock database

2015-02-09 Thread Erik Haller
/etc/krb5kdc/kdc.conf:
[kdcdefaults]
    kdc_ports = 750,88
[realms]
    EXAMPLE.COM = {
        database_name = /var/lib/krb5kdc/principal
        admin_keytab = FILE:/etc/krb5kdc/kadm5.keytab
        acl_file = /etc/krb5kdc/kadm5.acl
        key_stash_file = /etc/krb5kdc/stash
        kdc_ports

Bug#777579: Fwd: Bug#777579: krb5-admin-server: kadmind reports Insufficient access to lock database

2015-02-09 Thread Russ Allbery
Erik Haller writes:
> Incidentally, the output from krb5_newrealm (latest version) shows:
> root@lime:t# krb5_newrealm
> This script should be run on the master KDC/admin server to initialize
> a Kerberos realm. It will ask you to type in a master key password.
> This password will be used to g

Bug#777579: Fwd: Bug#777579: krb5-admin-server: kadmind reports Insufficient access to lock database

2015-02-09 Thread Erik Haller
The database was created fresh with krb5_newrealm in an lxc container. No Kerberos KDC existed previously. I did not configure the database location differently. This was my first Kerberos installation.
On Mon, Feb 9, 2015 at 9:52 PM, Russ Allbery wrote:
> Erik Haller writes:
>
> > Yes. These f

Bug#777579: Fwd: Bug#777579: krb5-admin-server: kadmind reports Insufficient access to lock database

2015-02-09 Thread Erik Haller
I set up Kerberos a few months ago. My .bash_history file shows it was installed with "apt-get install krb5-admin-server". The version of krb5-admin-server was 1.12.1+dfsg-1 according to /var/log/apt.history. I then installed krb5-kdc, "dpkg-reconfigure -plow krb5-kdc", and then configured with "krb5

Bug#777579: Fwd: Bug#777579: krb5-admin-server: kadmind reports Insufficient access to lock database

2015-02-09 Thread Russ Allbery
Erik Haller writes:
> Yes. These files reside under /etc/krb5kdc:
> principal
> principal.kadm5
> principal.kadm5.lock
> principal.ok
> kdc.conf
> .k5.EXAMPLE.COM
Hm. When was this KDC created / initialized? (In other words, was it just now set up fresh, or is this an existing Kerberos KDC th

Bug#777579: Fwd: Bug#777579: krb5-admin-server: kadmind reports Insufficient access to lock database

2015-02-09 Thread Erik Haller
-- Forwarded message --
From: Erik Haller
Date: Mon, Feb 9, 2015 at 9:42 PM
Subject: Re: Bug#777579: krb5-admin-server: kadmind reports Insufficient access to lock database
To: Russ Allbery
Yes. These files reside under /etc/krb5kdc:
principal
principal.kadm5
principal.kadm5

Bug#777579: krb5-admin-server: kadmind reports Insufficient access to lock database

2015-02-09 Thread Russ Allbery
Erik writes:
> The systemd krb5-admin-server.service file is missing the critical
> directory /etc/krb5kdc used by kadmind in the ReadWriteDirectories
> stanza. The Kerberos default database location is created under
> /etc/krb5kdc.
Er, it certainly shouldn't be. The Kerberos KDC database goe

Bug#777579: krb5-admin-server: kadmind reports Insufficient access to lock database

2015-02-09 Thread Erik
Package: krb5-admin-server
Version: 1.12.1+dfsg-16
Severity: important
Tags: patch
The systemd krb5-admin-server.service file is missing the critical directory /etc/krb5kdc used by kadmind in the ReadWriteDirectories stanza. The Kerberos default database location is created under /etc/krb5kdc. Th