Comment 3 for bug 452461

Sorry for not following up sooner.

I want to set up my /etc/krb5.conf file via debconf, as is currently implemented, but I want to do things a little differently from what the scripts have been written to do.

Normally, you'd specify something like this in debconf:

    krb5-config/kerberos_servers: server1.realm.com server2.realm.com
    krb5-config/default_realm: REALM.COM
    krb5-config/admin_server: admin-server.realm.com

Which would result in a clause in /etc/krb5.conf like

    [realms]
 REALM.COM = {
  kdc = server1.realm.com
  kdc = server2.realm.com
  admin_server = admin-server.realm.com
 }

But I want a krb5.conf clause that *does not specify* an "admin_server", only "kdc"s. (I want to use an explicitly specified KDC, but allow the Kerberos admin server to be located via DNS.)

Presumably, you would set an empty value for admin_server in debconf, and the scripts would give the desired result. But at present, an empty admin_server value causes the "REALM.COM = { ... }" clause not to be generated *at all*. It's the same behavior you get if you enable the debconf krb5-config/dns_for_default option.

The bug is that debconf will process only both items (kdc + admin_server) or none, where it should be allowing the flexibility to use just one or the other.