Package: krb5-config Version: 2.3 Severity: normal Dear Maintainer,
I am currently installing an authentication server based on LDAP+Kerberos+FusionDirectory. To automate this setting and try to get reproducibility on the testing systems I am using a script to setup the configuration as much as possible. To be able to understand the various aspects of the setup I am also sometimes trying re-installation and/or reconfiguration after installation. In both cases (fresh installation vs. re-installation or reconfiguration) I would like to use debconf seeding (using debconf-set-selections) to perform the setup of krb5-config which holds most of the configuration. I am preseeding the debconf database with values like (using a single TAB as field separator) : debconf-set-selections <<EOF krb5-config krb5-config/default_realm string XXX.YYY.FR krb5-config krb5-config/add_servers_realm string XXX.YYY.FR krb5-config krb5-config/admin_server string test-fd.xxx.yyy.fr krb5-config krb5-config/kerberos_servers string test-fd.xxx.yyy.fr EOF Upon such pre-seeding (or seeding + dpkg-reconfigure) I would expect the /etc/krb5.conf file to contain an entry for the service of the XXX.YYY.FR realm, pointing to the test-fd.xxx.yyy.fr server. This entry should be at the top of the list present at the bottom of /etc/krb5.conf (section starting by [realms]). This is most often not the case. Indeed it seems that sometimes, depending if this is first installation, re-configuration or re-installlation after a «purge», the configuration somtimes works and most often does not work as expected… So far the best solution I have found is to avoid scripting the installation, but do it «interactively and step by step» to be sure that the krb5 configuration is exactly as expected before going any further. And in this case I have to do various actions (non-reproducible) during the krb5-config installation to make sure the setting is correct. I would have prefered to «fix» the configuration script of the package but it is currently much too complicated for me to understand what I can/could change and what I should definitely not touch to avoid causing regression. Indeed this will likely be a trouble on the Kerberos authenticated «client» server since the krb5-config is also the package used to configure the /not KDC, not kdamin/ servers as well. I am happy to provide help, in particular if you want me to perform some specific test(s) don't hesitate to ask. Cheers, Serge. -- System Information: Debian Release: 8.5 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 3.16.0-4-amd64 (SMP w/1 CPU core) Locale: LANG=C.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages krb5-config depends on: ii bind9-host 1:9.9.5.dfsg-9+deb8u6 ii debconf [debconf-2.0] 1.5.56 krb5-config recommends no packages. krb5-config suggests no packages. -- debconf information: krb5-config/found_dns: krb5-config/title: krb5-config/no_dns: * krb5-config/add_servers: true * krb5-config/add_servers_realm: XXX.YYY.FR * krb5-config/default_realm: XXX.YYY.FR krb5-config/kerberos_servers: krb5-config/read_conf: true krb5-config/admin_server:
