Discussion:
'net ads' not respecting KRB5_CONFIG when built against MIT Kerberos
Paulo Alcantara via samba-technical
2018-04-23 13:41:19 UTC
Hi,

The 'net ads' command is not respecting the KRB5_CONFIG environment
variable when built against MIT Kerberos. That is, if the user sets
KRB5_CONFIG to override the system profile (/etc/krb5.conf), it will get
overwritten late in create_local_private_krb5_conf_for_domain() with
samba's local krb5.conf by calling setenv().

As per documentation, krb5 should support config files passed through
KRB5_CONFIG env var.

Please review and comment on the patch below.

Paulo
Andreas Schneider via samba-technical
2018-04-23 14:32:07 UTC
On Monday, 23 April 2018 15:41:19 CEST Paulo Alcantara via samba-technical
Post by Paulo Alcantara via samba-technical
Hi,
The 'net ads' command is not respecting the KRB5_CONFIG environment
variable when built against MIT Kerberos. That is, if the user sets
KRB5_CONFIG to override the system profile (/etc/krb5.conf), it will get
overwritten late in create_local_private_krb5_conf_for_domain() with
samba's local krb5.conf by calling setenv().

There is an smb.conf option, 'create krb5 conf = no', to disable this. However,
it will disable some AD features if you do this. In particular, it can lead to
issues during join.

RB-
--
Andreas Schneider GPG-ID: CC014E3D
Samba Team ***@samba.org
www.samba.org
Paulo Alcantara via samba-technical
2018-04-23 17:43:24 UTC
Post by Andreas Schneider via samba-technical
On Monday, 23 April 2018 15:41:19 CEST Paulo Alcantara via samba-technical
Post by Paulo Alcantara via samba-technical
Hi,
The 'net ads' command is not respecting the KRB5_CONFIG environment
variable when built against MIT Kerberos. That is, if the user sets
KRB5_CONFIG to override the system profile (/etc/krb5.conf), it will get
overwritten late in create_local_private_krb5_conf_for_domain() with
samba's local krb5.conf by calling setenv().
There is an smb.conf option, 'create krb5 conf = no', to disable this. However,
it will disable some AD features if you do this. In particular, it can lead to
issues during join.

OK. That worked for me!

Thanks!
Paulo
