I setup kerberos a few months ago. My .bash_history file shows it was installed with "apt-get install krb5-admin-server" The version of krb5-admin-server was 1.12.1+dfsg-1 according to /var/log/apt.history. I then installed krb5-kdc, "dpkg-reconfigure -plow krb5-kdc", and then configured with "krb5_newrealm". I would look in the krb5_newrealm in version 1.12.1+dfsg-1. I have upgraded since then. This bug report shows version 1.12.1+dfsg-16.
Incidentally, the output from krb5_newrealm (latest version) shows: root@lime:t# krb5_newrealm This script should be run on the master KDC/admin server to initialize a Kerberos realm. It will ask you to type in a master key password. This password will be used to generate a key that is stored in /etc/krb5kdc/stash. You should try to remember this password, but it is much more important that it be a strong password than that it be remembered. However, if you lose the password and /etc/krb5kdc/stash, you cannot decrypt your Kerberos database. Loading random data Initializing database '/etc/krb5kdc/principal' for realm 'EXAMPLE.COM', master key name 'K/m...@example.com' You will be prompted for the database Master Password. It is important that you NOT FORGET this password. Enter KDC database master key: Looks like krb5_newrealm is choosing a default location of /etc/krb5kdc instead of /var ... On Mon, Feb 9, 2015 at 9:52 PM, Russ Allbery <r...@debian.org> wrote: > Erik Haller <erik.hal...@gmail.com> writes: > > > Yes. These files reside under /etc/krb5kdc: > > > principal > > principal.kadm5 > > principal.kadm5.lock > > principal.ok > > kdc.conf > > .k5.EXAMPLE.COM > > Hm. When was this KDC created / initialized? (In other words, was it > just now set up fresh, or is this an existing Kerberos KDC that you've > upgraded?) > > Just to ask the obvious question, are you sure you didn't configure the > database location somewhere? > > -- > Russ Allbery (r...@debian.org) <http://www.eyrie.org/~eagle/> >
