Cannot elide admin_servers from debconf config

Bug #452461 reported by Daniel Richard G.
This bug affects 1 person
Affects: kerberos-configs (Ubuntu)
Status: Triaged
Importance: Wishlist
Assigned to: Unassigned

Bug Description

Binary package hint: krb5-config

I want to set up /etc/krb5.conf via debconf so that the file specifies "kdc" for my Kerberos realm, but not "admin_server" (nor "kpasswd") because I want those to be found via DNS.

If I do the logical thing, however---give a value for krb5-config/kerberos_servers, but leave krb5-config/admin_server empty---the config script does not create a clause under [realms] at all. It should be creating a clause with a "kdc" line and nothing more.

(Background: This is an enterprise scenario. DNS points to a long list of remote authoritative KDCs. Because these KDCs are remote, and also buggy [long story] we would rather use a local read-only KDC for normal authentication. But obviously, admin_server and kpasswd have to go to the authoritative KDCs.)

Chuck Short (zulcss) wrote:

Thank you for taking the time to report this bug and helping to make Ubuntu better. Unfortunately, we can't fix it because your description didn't include enough information. You may find it helpful to read "How to report bugs effectively" http://www.chiark.greenend.org.uk/~sgtatham/bugs.html. We'd be grateful if you would then provide a more complete description of the problem. We have instructions on debugging some types of problems at http://wiki.ubuntu.com/DebuggingProcedures.
At a minimum, we need:
1. the specific steps or actions you took that caused you to encounter the problem,
2. the behavior you expected, and
3. the behavior you actually encountered (in as much detail as possible).
Thanks!

When reporting bugs in the future please use apport, either via the appropriate application's "Help -> Report a Problem" menu or using 'ubuntu-bug' and the name of the package affected. You can learn more about this functionality at https://wiki.ubuntu.com/ReportingBugs.

Changed in kerberos-configs (Ubuntu):
importance: Undecided → Wishlist
status: New → Incomplete

Chuck Short (zulcss) wrote:

We'd like to figure out what's causing this bug for you, but we haven't heard back from you in a while. Could you please provide the requested information? Thanks!

Daniel Richard G. (skunk) wrote:

Sorry for not following up sooner.

I want to set up my /etc/krb5.conf file via debconf, as is currently implemented, but I want to do things a little differently from what the scripts have been written to do.

Normally, you'd specify something like this in debconf:

    krb5-config/kerberos_servers: server1.realm.com server2.realm.com
    krb5-config/default_realm: REALM.COM
    krb5-config/admin_server: admin-server.realm.com

Which would result in a clause in /etc/krb5.conf like

    [realms]
        REALM.COM = {
            kdc = server1.realm.com
            kdc = server2.realm.com
            admin_server = admin-server.realm.com
        }

But I want a krb5.conf clause that *does not specify* an "admin_server", only "kdc"s. (I want to use an explicitly specified KDC, but allow the Kerberos admin server to be located via DNS.)

Presumably, you would set an empty value for admin_server in debconf, and the scripts would give the desired result. But at present, an empty admin_server value causes the "REALM.COM = { ... }" clause not to be generated *at all*. It's the same behavior you get if you enable the debconf krb5-config/dns_for_default option.

The bug is that debconf will process only both items (kdc + admin_server) or none, where it should be allowing the flexibility to use just one or the other.
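The behaviour requested in the comment above, sketched as an added example that is not part of the original post and is not the krb5-config maintainer script: each line of the realm stanza is emitted only when the matching debconf answer is non-empty. The function names `render_realm` and `demo` and the way the answers are passed in are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: hypothetical helper, not the krb5-config maintainer script.
# Emits a realm stanza containing only the settings that were answered.

# render_realm REALM "KDC1 KDC2 ..." ADMIN_SERVER
# Prints nothing when neither KDCs nor an admin server are given, which
# matches the "no clause at all" case described in the report.
render_realm() {
    realm=$1
    kdcs=$2
    admin=$3

    # Nothing to pin: leave the realm out of [realms] altogether.
    if [ -z "$kdcs" ] && [ -z "$admin" ]; then
        return 0
    fi

    printf '\t%s = {\n' "$realm"
    # One "kdc =" line per whitespace-separated server name.
    for kdc in $kdcs; do
        printf '\t\tkdc = %s\n' "$kdc"
    done
    # admin_server is optional: an empty answer omits the line instead of
    # suppressing the whole stanza.
    if [ -n "$admin" ]; then
        printf '\t\tadmin_server = %s\n' "$admin"
    fi
    printf '\t}\n'
}

# Constructed sample values mirroring the debconf answers quoted in the
# report, with krb5-config/admin_server left empty.
demo() {
    printf '[realms]\n'
    render_realm "REALM.COM" "server1.realm.com server2.realm.com" ""
}

demo
```

With the sample values the output is a `REALM.COM` stanza holding the two `kdc` lines and no `admin_server` line.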

Daniel Richard G. (skunk) wrote:

Please let me know if any further information is needed.

Changed in kerberos-configs (Ubuntu):
status: Incomplete → New
Mathias Gug (mathiaz)
Changed in kerberos-configs (Ubuntu):
status: New → Triaged