Re: kpasswdd configuration question

"Henry B. Hotz" <hotz@jpl.nasa.gov> writes:

> I have an inetd.conf entry I cribbed from NetBSD on the Solaris machine, viz:
> kpasswd         dgram   udp             wait    root
> /usr/heimdal/libexec/kpasswdd   kpasswdd
> (ignore line wrap)
> The man page is silent on the issue, but the web page notes say
> kpasswdd is not run from inetd.  Who's right?  NetBSD, or the web
> documentation, or does it depend?

NetBSD kpasswdd is patched to allow running from inetd. This patch was
never reintegrated in Heimdal. Heimdal requires you to run the
kpasswdd as a server process.

> The kpasswdd man page mentions a keytab, but it's not mentioned in the
> web docs.  Does the daemon need a keytab?  If so I presume it's the
> kadmin/changepw principal that needs to go in it?  (And where's the
> keytab on NetBSD since I'm sure I never created one there.)

Yes, it is for that reason. By default it reads the keytab from the "HDB:" keytab
(i.e. the database itself).

>>Did kpasswdd log anything ?
> I thought it was supposed to log the same default place as the kdc. I
> included that log.  Was there supposed to be more?

Maybe, but I don't know where. It logs to the "kpasswd" log facility
configured in krb5.conf, or if it's not, to syslog.


