In general I tend to agree with Sam. A config was changed (kdc logging to a file in /var/log/), and for it to work fully another config needs to be changed (systemd). FreeIPA (who made the first change) can easily create a systemd override for this.
That being said, it's not super unreasonable for a user, after reading the kdc.conf(8) manpage, to expect logging to a file in /var/log to work. Were the logfile in, say, /var/adm, or some other nonexistent directory, I can easily see how that would require further configuration, but not /var/log. That I find a bit unexpected. I would however generally recommend to use SYSLOG and the AUTH facility, that would seem to offer better integration. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to krb5 in Ubuntu. https://bugs.launchpad.net/bugs/1874915 Title: krb5kdc[27833]: Couldn't open log file /var/log/krb5kdc.log: Read-only file system Status in krb5 package in Ubuntu: New Bug description: Hopefully this can trivially be corrected. Seems the systemd service file for the kerberos portion of freeipa could use a minor tweak. When restarting the kerberos service, it (incorrectly) reports that the default configured log file (/var/log/krb5kdc.log) is sending to a "read only filesystem". This is a misleading error, since the /var/log directory by default -IS- writeable, but systemd is in fact preventing the daemon from writing. Why systemd can't inject itself inappropriately and report that it's causing the trouble is another conversation. ;) [not personally a systemd fan] File: ===== /lib/systemd/system/krb5-kdc.service Command: ===== service krb5-kdc restart Error: ===== krb5kdc[27833]: Couldn't open log file /var/log/krb5kdc.log: Read-only file system Please make the following adjustment to the default systemd file. ===== 13c13 < ReadWriteDirectories=-/var/tmp /tmp /var/lib/krb5kdc -/var/run /run --- > ReadWriteDirectories=-/var/tmp /tmp /var/lib/krb5kdc -/var/run /run /var/log Thank you for all the help and support. :) Cheers, -Chris To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/krb5/+bug/1874915/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
