[Bug 452461] Re: Cannot elide admin_servers from debconf config

[Daniel Richard G.]

Sorry for not following up sooner.

I want to set up my /etc/krb5.conf file via debconf, as is currently
implemented, but I want to do things a little differently from what the
scripts have been written to do.

Normally, you'd specify something like this in debconf:

    krb5-config/kerberos_servers: server1.realm.com server2.realm.com
    krb5-config/default_realm: REALM.COM
    krb5-config/admin_server: admin-server.realm.com

Which would result in a clause in /etc/krb5.conf like

    [realms]
	REALM.COM = {
		kdc = server1.realm.com
		kdc = server2.realm.com
		admin_server = admin-server.realm.com
	}

But I want a krb5.conf clause that *does not specify* an "admin_server",
only "kdc"s. (I want to use an explicitly specified KDC, but allow the
Kerberos admin server to be located via DNS.)

Presumably, you would set an empty value for admin_server in debconf,
and the scripts would give the desired result. But at present, an empty
admin_server value causes the "REALM.COM = { ... }" clause not to be
generated *at all*. It's the same behavior you get if you enable the
debconf krb5-config/dns_for_default option.

The bug is that debconf will process only both items (kdc +
admin_server) or none, where it should be allowing the flexibility to
use just one or the other.

-- 
Cannot elide admin_servers from debconf config
https://bugs.launchpad.net/bugs/452461
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to kerberos-configs in ubuntu.