1. Forum
  2. USENET
  3. comp.protocols.kerberos

  • logging stanza in krb5.conf?

    From Dan Mahoney@danm@prime.gushi.org to kerberos on Wed Apr 16 20:40:45 2025
    From Newsgroup: comp.protocols.kerberos

    All,
    Maybe this is a docbug, but we had the following stanza in our krb5.conf, on our KDC's running MIT krb5 1.21.3 (FreeBSD pkg).
    [logging]
    kdc = FILE:/var/log/krb5kdc
    admin_server = FILE:/var/log/kadmin
    default = FILE:/var/log/krb5
    And I recently discovered that the krb5kdc process wasn't reading/honoring those files, unless the statements were in kdc.conf.
    In the documentation for krb5-devel (https://web.mit.edu/kerberos/krb5-devel/doc/admin/conf_files/krb5_conf.html#krb5-conf-5) krb5.conf doesn't have [logging] listed as a possible config section, but an older version (https://web.mit.edu/kerberos/krb5-1.4/krb5-1.4.1/doc/krb5-admin/krb5.conf.html#krb5.conf) does list that section. So clearly kdc.conf is the right place, and I'm updating our configs, since logging seems to do nothing in krb5.conf.
    Can someone say when this changed? I don't see mention of it in the changelog. -Dan
    --- Synchronet 3.21d-Linux NewsLink 1.2
  • From Lawrence D'Oliveiro@ldo@nz.invalid to comp.protocols.kerberos on Wed May 28 04:43:06 2025
    From Newsgroup: comp.protocols.kerberos

    On Wed, 16 Apr 2025 20:40:45 -0700, Dan Mahoney wrote:

    Maybe this is a docbug, but we had the following stanza in our
    krb5.conf, on our KDC's running MIT krb5 1.21.3 (FreeBSD pkg).

    [logging]
    kdc = FILE:/var/log/krb5kdc
    admin_server = FILE:/var/log/kadmin
    default = FILE:/var/log/krb5

    And I recently discovered that the krb5kdc process wasn't
    reading/honoring those files, unless the statements were in kdc.conf.

    IrCOm new to Kerberos, but all the docs IrCOve seen so far say it should go in krb5.conf, which I found surprising, since I thought all server-specific settings should go in kdc.conf.

    Glad to know the documentation is wrong, and the software is correct. ;)
    --- Synchronet 3.21d-Linux NewsLink 1.2