Andreas Hasenack <andr...@canonical.com> writes: > If I include it via this krb5.conf: > [libdefaults] > includedir /etc/krb5.conf.d > default_realm = LOWTECH
> default realm is LXD. > If I include it like this: > [libdefaults] > default_realm = LOWTECH > includedir /etc/krb5.conf.d > Then default realm is LOWTECH. Do both MIT and Heimdal use the same order (first seen wins)? I hope so, otherwise this is going to be tricky. > I think it's best to have the includedir at the very top, outside any > section. Seems to be the least surprising. I think that's right. That means that fragments will override anything in the base /etc/krb5.conf, which feels correct to me. We should add a prominent comment to the top of the default /etc/krb5.conf that explains this, as well as a NEWS.Debian entry. Do both MIT and Heimdal sort the fragments alphabetically before including them, so that there's some predictable order for which fragments override each other? We'll want to document the ordering. -- Russ Allbery (r...@debian.org) <https://www.eyrie.org/~eagle/>
