> And, to reply to another question from before, if I put the includedir > directive inside a section, for example, inside [libdefaults], that's > invalid because it expects all entries in sections to be key=pair > values: > root@o-heimdal:~# head /etc/krb5.conf -n 4 > > [libdefaults] > includedir /etc/krb5.conf.d > default_realm = LOWTECH > > root@o-heimdal:~# verify_krb5_conf > verify_krb5_conf: krb5_config_parse_file: open /root/.krb5/config: No > such file or directory > verify_krb5_conf: krb5_config_parse_file: /etc/krb5.conf:3: missing =
Oh, my mistake, that was with unpatched heimdal. With patched heimdal, it allows that includedir inside a section. And indeed there are questions of ordering and overrides then, to be better understood. This config snippet: [libdefaults] default_realm = LXD If I include it via this krb5.conf: [libdefaults] includedir /etc/krb5.conf.d default_realm = LOWTECH default realm is LXD. If I include it like this: [libdefaults] default_realm = LOWTECH includedir /etc/krb5.conf.d Then default realm is LOWTECH. I think it's best to have the includedir at the very top, outside any section. Seems to be the least surprising.
