Rocksolid Light

Welcome to novaBBS (click a section below)

mail  files  register  nodelist  faq  login

Machines that have broken down will work perfectly when the repairman arrives.


computers / comp.protocols.kerberos / Re: Server settings from /etc/krb5.conf used despite KRB5_CONFIG set

SubjectAuthor
o Re: Server settings from /etc/krb5.conf used despite KRB5_CONFIG setAndrej Mikus

1
Subject: Re: Server settings from /etc/krb5.conf used despite KRB5_CONFIG set
From: Andrej Mikus
Newsgroups: comp.protocols.kerberos
Organization: TNet Consulting
Date: Mon, 16 May 2022 06:05 UTC
References: 1 2 3
Path: i2pn2.org!i2pn.org!usenet.blueworldhosting.com!feed1.usenet.blueworldhosting.com!tncsrv06.tnetconsulting.net!.POSTED.mailman.mit.edu!not-for-mail
From: a-krb5u...@mikus.sk (Andrej Mikus)
Newsgroups: comp.protocols.kerberos
Subject: Re: Server settings from /etc/krb5.conf used despite KRB5_CONFIG set
Date: Mon, 16 May 2022 08:05:11 +0200
Organization: TNet Consulting
Lines: 22
Message-ID: <mailman.67.1652681120.8148.kerberos@mit.edu>
References: <20220509190346.GA1253591@mikus.sk>
<1DAF1488-496C-4D0F-ABB3-DECBCF73CF7E@gmail.com>
<20220516060511.GA1295866@mikus.sk>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Injection-Info: tncsrv06.tnetconsulting.net; posting-host="mailman.mit.edu:18.7.21.50";
logging-data="4456"; mail-complaints-to="newsmaster@tnetconsulting.net"
Cc: <kerberos@mit.edu>
To: John Devitofranceschi <john.devitofranceschi@gmail.com>
Authentication-Results: mit.edu;
dmarc=none (p=none dis=none) header.from=mikus.sk
Authentication-Results: mit.edu; arc=pass
ARC-Seal: i=2; a=rsa-sha256; d=mit.edu; s=arc; t=1652681119; cv=pass;
b=TYwbZkvg9SVNeF7F9RsBcqeHOGy8oroN5CVXtBwThHZIl8SHPyccFCAWdQjW5YYYeVTCPWwlJrXBMpuh5OJ/xxdmgYXIEWv4akGZbkE1KFG8cCWXWTdUWb2W8yT4TW9vm451EB0wphZ+esNJ48UzdJqpuv2lEme/IBVnDu4ZtxGrqNlgS2ENWKWMB6UuAizk4JEfm2Lbhdz25Z3Z4OpN2Tr/R3lNPNqDkNC1qhtqogLSkWv243vBtAQF+IyP08efSwMvFXcwDQbAECXHZj5ggZX8gxPVq2yZpT8MiK21b+w8Lo5EDeJnB5NOC17c6/JpOAz4WRg+wTCPBvHU+MmVVg==
ARC-Message-Signature: i=2; a=rsa-sha256; d=mit.edu; s=arc; t=1652681119;
c=relaxed/relaxed; bh=3Ic6kIS5htoW3t8fEDYxpU/v26NB5irRjt9EhH3b2WU=;
h=Date:From:Subject:Message-ID:MIME-Version:Content-Type;
b=cV9vq9jA/fu4ouvLaHZx1y9JiAbbAu61sCmC/r/q3ukuP9J7zuFLlVuvjeOnzUNC8vRXCSNyP/Nr4Hk1S/mh1p9gM+9PFjVZ2KbX8pTnlFOUrz80QN1FLLS9w69jSkOeMP1pvAy+SG9wHcV1p0xSdDo9CXk9BXQhalGdWQTq58Lzr9TKxQjuDt6fu9hURmz/P7qrjir1YvK9GTecXgOHZx8+1f5CWPxTOC8Urwv5NwXzSnfaR01YM0khFVB7TzbJeUjBcQTa5zLDRor65stEGdUcv/mPN5duHXxz4WG1FVrJXfvyKL8ESbf3F+v5S2dztHAc9OOzq2zf5vkkW0Zunw==
ARC-Authentication-Results: i=2; mit.edu; dkim=pass (1024-bit key)
header.d=mitprod.onmicrosoft.com header.i=@mitprod.onmicrosoft.com
header.b=abpa4V6z; arc=pass
Authentication-Results: mit.edu;
dkim=pass (1024-bit key) header.d=mitprod.onmicrosoft.com
header.i=@mitprod.onmicrosoft.com header.b=abpa4V6z
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
b=LaGxlxe5tILRA8hDWBr3/HmTe76qpEnASGrhOetMRT6WoJKrU+3nPkxo6sLGuqAebj2MjQ8n3qVNESetmnE3/pesgm1hjHglRPfZNrN4929HaD5DBl566QB7S1UNWJoRH3y1ikQlQlW0lMMv6omiGzJgQ4afNiBFf+yqTxayOkyoHuY6hCTHl9lW28qb0oB4wJOxksqalVYw3q10PSIW5IwtR4FIW/pITQ1ACahG/BTdt/qRjv9nzCvY1QD/1FxQlUi4EtumAIFUSmGH31bmUx4dk3jG1hoOYFfbvf67NVRvlx3ESFaCcuxAscHoQQ68C+JoYbclh65UWEHf6YvZiQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=3Ic6kIS5htoW3t8fEDYxpU/v26NB5irRjt9EhH3b2WU=;
b=B0ZJ2ko8QEbKYIxlif7aDSJOPYgrs5GJJ1hzprvnTP8ZuLO/G6psw8QTepxTl+I0c/wDi1mwigjULUWBhkQ1tPZ3AnQKttMmuQ416WGyt2TWRx9J3KhLYrcDJZf7nEJqQUD1O0H341X92UbE248/D8Xrd2bZTuu6bcvepy09OfVJdP64xssdSikmGISo4oqxzoIaudb5Ie121XsOho173SnNTisvKzhhPzQyaq+ZaLRE2yi1Q5ozo1fgbxUE3dUAoF3dbdoxNnxxOjFf+7cf6egxEYGIGoHwjD3SL2lJzU/NyZzCxD6Z0u9G9VbWZ9QBehcBTH0ilH2qyUVbxkW8Jw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is
185.50.213.245) smtp.rcpttodomain=mit.edu smtp.mailfrom=mikus.sk;
dmarc=bestguesspass action=none header.from=mikus.sk; dkim=none (message not
signed); arc=none (0)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=mitprod.onmicrosoft.com; s=selector2-mitprod-onmicrosoft-com;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=3Ic6kIS5htoW3t8fEDYxpU/v26NB5irRjt9EhH3b2WU=;
b=abpa4V6zTIwqie33Py8GGOO3LqVI2fX16hhTPSocy6Ind5xbrETkU+c0CQX/Zxnh5Hde7/PdFEjNueCbIzsqvSMCDoN8OnkT1DxCl/ev4kGJfRjRmkMx0b7gA+x8saRNKW6AYVVaH8OexS+0KZuI+ImUMId4RTCrXsrlUnaQOUo=
Authentication-Results: spf=pass (sender IP is 185.50.213.245)
smtp.mailfrom=mikus.sk; dkim=none (message not signed)
header.d=none;dmarc=bestguesspass action=none header.from=mikus.sk;
Received-SPF: Pass (protection.outlook.com: domain of mikus.sk designates
185.50.213.245 as permitted sender) receiver=protection.outlook.com;
client-ip=185.50.213.245; helo=brb.mikus.sk;
Content-Disposition: inline
In-Reply-To: <1DAF1488-496C-4D0F-ABB3-DECBCF73CF7E@gmail.com>
X-EOPAttributedMessage: 0
X-EOPTenantAttributedMessage: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b:0
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: ea767247-7dba-4117-3737-08da37020a3e
X-MS-TrafficTypeDiagnostic: SN6PR01MB4350:EE_
X-LD-Processed: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b,ExtAddr
X-MS-Exchange-AtpMessageProperties: SA
X-Microsoft-Antispam-PRVS: <SN6PR01MB435089686645EF68F07A28B6B6CF9@SN6PR01MB4350.prod.exchangelabs.com>
X-MS-Exchange-SenderADCheck: 0
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: lYveifce8yPXBqP3VZlCLAFIqk6EJCnqHC+JNp7BqtYwNGvWbaI6hAIeOWTFn9apvTmRwlLIaTKtw4vyYvAo/1pRQ8FnF2W8yzBSfN6jBlAwpmmB/Ak0yrEZEk/q4vTEAkxfEkSIPZAsiF85aSkQM7P3zac0H/wEUt6Zbx97yjIKYrfRnr2CW4Ofz31gSjilxdjmawCs/13S3/L5eXuBV1Vyxo8X/5UmiMtK46S/GQ8/IQyLVLg0Vxo7/UYXbfaizcLibwIHVRmilxlDa5aP8cnsCR2mQCqTcZ7K/ibD2bzTU6RUCymq/m6vYMmsZxwLIml4UtNJcIr9zsbyR59wMYERHY/CXFXLDROOPnuWh+kqkDgK1GT7i8+TTHZVaeDkHV1ETGwc7w8WCgMTY4J0+x+SeJkrkgyHkijQuyS7cZsquSBvOL45EVFadWUve8Mhn24ZF3/AyCWj3o/KNRoY3+H513/8+uojEfz48N6ituunpTtBWW7gt++bGeEiEXzH8hw3oCZTLQ1I9qgbmxan+N7UeKHesiu5FuPhLMHGujc33wDBTF++8RNlQF1QmmOgKVO5jo1q/pqEeDo59pnQyFgyuRiAthLqcVMp+GCoeZw=
X-Forefront-Antispam-Report: CIP:185.50.213.245; CTRY:SK; LANG:en; SCL:1; SRV:;
IPV:NLI; SFV:NSPM; H:brb.mikus.sk; PTR:brb.mikus.sk; CAT:NONE;
SFS:(13230001)(4636009)(7636003)(7596003)(2906002)(336012)(426003)(356005)(316002)(42186006)(786003)(1076003)(4744005)(8676002)(6862004)(4326008)(68406010)(70586007)(5660300002)(508600001)(26005)(53546011)(33656002)(86362001)(36756003)(2616005);
DIR:OUT; SFP:1102;
X-Auto-Response-Suppress: DR, OOF, AutoReply
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 16 May 2022 06:05:12.4533 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: ea767247-7dba-4117-3737-08da37020a3e
X-MS-Exchange-CrossTenant-Id: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b
X-MS-Exchange-CrossTenant-AuthSource: BN8NAM11FT047.eop-nam11.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN6PR01MB4350
X-OriginatorOrg: mitprod.onmicrosoft.com
X-BeenThere: kerberos@mit.edu
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: The Kerberos Authentication System Mailing List <kerberos.mit.edu>
List-Unsubscribe: <https://mailman.mit.edu/mailman/options/kerberos>,
<mailto:kerberos-request@mit.edu?subject=unsubscribe>
List-Archive: <http://mailman.mit.edu/pipermail/kerberos/>
List-Post: <mailto:kerberos@mit.edu>
List-Help: <mailto:kerberos-request@mit.edu?subject=help>
List-Subscribe: <https://mailman.mit.edu/mailman/listinfo/kerberos>,
<mailto:kerberos-request@mit.edu?subject=subscribe>
X-Mailman-Original-Message-ID: <20220516060511.GA1295866@mikus.sk>
X-Mailman-Original-References: <20220509190346.GA1253591@mikus.sk>
<1DAF1488-496C-4D0F-ABB3-DECBCF73CF7E@gmail.com>
View all headers
On Sat, 14.May.22 08:47:32 -0400, John Devitofranceschi wrote:


On May 9, 2022, at 3:03 PM, Andrej Mikus <a-krb5user@mikus.sk> wrote:
I am pointing KRB5_CONFIG to a file with correct KDC address/name, but
kinit always refers to the IP specified in /etc/krb5.conf.

It is my understanding that setting environment variable overrides any
use of files in /etc, also the test scripts in the code distribution
suggest this.

Is there an sssd_krb5_locator_plugin getting in the way?

Check under /usr/lib/krb5/plugins/libkrb5.

That was it. In a different place and with different filename
/usr/lib64/sssd/modules/sssd_krb5_localauth_plugin.so but setting
SSSD_KRB5_LOCATOR_DISABLE works!

Thanks a lot for the hint.

Andrej


1
rocksolid light 0.7.2
clearneti2ptor