Member since
‎11-30-2015
7
Posts
2
Kudos Received
0
Solutions
‎03-14-2019
01:28 AM
Hi Ben ( @bgooley ) Thank you taking the time to investigate and comment. Your help is very much appreciated. I am using CM to manage krb5.conf ("Manage krb5.conf through Cloudera Manager" is checked). If what you are saying about the placement of includedir in the krb5.conf file is correct - that it must come before the first section - I am having problems using this feature. There are 3 configuration CM parameter that would enable me to add an includedir to krb5.conf: Advanced Configuration Snippet (Safety Valve) for [libdefaults] section of krb5.conf Advanced Configuration Snippet (Safety Valve) for the Default Realm in krb5.conf Advanced Configuration Snippet (Safety Valve) for remaining krb5.conf Neither of them are injected into krb5.conf before the first section [libdefault]. So I cannot use includedir with CM managing krb5.conf Second. I am reading the MIT documentation (https://web.mit.edu/kerberos/krb5-1.15/doc/admin/conf_files/krb5_conf.html😞 The krb5.conf file can include other files using either of the following directives at the beginning of a line: include FILENAME includedir DIRNAME FILENAME or DIRNAME should be an absolute path ... I cannot se any requirement that includir should be at the beginning of the file; only at the beginning of the line. Having an includedir at the end of the krb5.conf file does indeed work with the Linux OS (CentOS 7.5). It is only Java 8+ that is having an issue. So I will still claim that somewhere ends do not meet up. Either CM has insuficcient features to deal with scenarios where includedir is used (which is default if sssd is used), or Java 8 is missing af feature that was present in Java 7. BUT as I described in my initial post a workaround is available (and fairly benign), one just needs to be aware of the issue if a Java 8 migration is in the making. Once again thank you for your insights. Best regards, Henrik Ring
... View more