Ubuntu
krb5 package

kadmin.local in wrong package

Bug #1363980 reported by Hadmut Danisch
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
krb5 (Ubuntu)
Invalid
Medium
Unassigned

Bug Description

Hi,

in contrast to /usr/bin/kadmin, /usr/bin/kadmin.local does not use the server, but accesses the database directly. It does not use the krb5-admin-server.

It therefore should not be packed into the krb5-admin-server, but in the krb5-kdc package, to allow using it without/before installing the admin server.

Doesn't make sense to put a program designed to be independent from admin-server in the package with admin-server.

regards
Hadmut

ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: krb5-admin-server 1.12+dfsg-2ubuntu4.2
ProcVersionSignature: Ubuntu 3.13.0-34.60-generic 3.13.11.4
Uname: Linux 3.13.0-34-generic x86_64
NonfreeKernelModules: zfs zunicode zavl zcommon znvpair
ApportVersion: 2.14.1-0ubuntu3.3
Architecture: amd64
CurrentDesktop: XFCE
Date: Mon Sep 1 14:18:26 2014
SourcePackage: krb5
UpgradeStatus: No upgrade log present (probably fresh install)

Revision history for this message
Hadmut Danisch (hadmut) wrote :
Revision history for this message
Robie Basak (racb) wrote :

Thank you for taking the time to report this bug and helping to make Ubuntu better.

This sort of change should be coordinated with Debian. Please could you check behaviour in Debian and file a bug there if appropriate?

Changed in krb5 (Ubuntu):
importance: Undecided → Medium
tags: added: needs-upstream-report
Revision history for this message
Sam Hartman (hartmans) wrote :

Hi. Here's the rationale behind the krb5-kdc krb5-kadmin-server split.
The krb5-kdc package includes the things you'd need on a traditional slave KDC. One of the key things about a slave KDC is that the database is read-only. The slave is not making any changes to the database, locally or otherwise.
So, kadmin.local does not belong on a slave KDC.
However krb5-admin-server includes the stuff you need for a master KDC: local administration tools, the admin server, etc.
I'd be interested in documentation/description suggestions if this could be made more clear.

However, I would not support changing the binary location in Debian.

Changed in krb5 (Ubuntu):
status: New → Invalid
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.