I assume it was oversight that stopped you sending this to the BTS, so I have
done so. This means I can point upstream to read your report if required.
Thanks for your report.
On Sun, Jul 12, 2009 at 10:19:40AM -0700, Jeff Doyle wrote:
> Of course I can reproduce this error.
>
> 1.) Edit krb5.conf on KDC. Add one LDAP-based Heimdal backend config.
> 2.) Start KDC and view logs
> 3.) In logs, single LDAP Heimdal backend is acknowledged, and Kerberos via
> LDAP works fine.
> 4.) Stop KDC and edit krb5.conf again. Add a second DB instance, below
> existing one.
> 5.) Start KDC again, and view logs.
> 6.) Only the first DB instance is acknowledged. Subsequent ones are
> ignored entirely. No errors, no messages saying only one backend is
> allowed. Nothing.
> 7.) Reverse order of DB instances in krb5.conf (make sure I haven't
> misconfigured them).
> 8.) Again, only the first DB is acknowledged; whatever one is at the top
> of the database section.
>
> Example krb5.conf on local KDC/LDAP server:
>
> [kdc]
>
> database = {
> dbname =
> ldap:cn=DEV.EXAMPLE.COM,cn=gssapi,cn=auth,dc=example,dc=com
> realm = DEV.EXAMPLE.COM
> }
>
> database = {
> dbname =
> ldap:cn=OPS.EXAMPLE.COM,cn=gssapi,cn=auth,dc=example,dc=com
> realm = OPS.EXAMPLE.COM
> }
>
> As you can see, identical configuration, aside from realm definitions and
> LDAP backend DNs. But the 1st parsed DB is the only one to be in the
> spotlight.
>
> I have pored over the Debian man pages related to this. It really does
> seem as if this IS a legal configuration.
--
Brian May <b...@snoopy.debian.net>
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
