Red Hat Bugzilla – Bug 827714
/etc/sysconfig/dirsrv does not work for setting keytabs (need instance specific)
Last modified: 2012-06-16 14:59:07 EDT
In the current /etc/sysconfig/dirsrv documentation, there is the following block: # In order to use SASL/GSSAPI (Kerberos) the directory # server needs to know where to find its keytab # file - uncomment the following line and set # the path and filename appropriately # if using systemd, omit the "; export VARNAME" at the end # KRB5_KTNAME=/etc/dirsrv/myname.keytab ; export KRB5_KTNAME However, uncommenting this line and specifying the keytab appropriately doesn't work; instead, you need to set KRB5_KTNAME the instance specific systemd file e.g. /etc/sysconfig/dirsrv-scripts for the dirsrv to pick up the keytab. There is also another odd little bug where if /etc/sysconfig/dirsrv is missing, there is an LD_PRELOAD error looking for the Solaris /usr/lib/libumem.so
Hmm - works for me: /etc/sysconfig/dirsrv: ... KRB5_KTNAME=/etc/dirsrv/myname.keytab ... RANDOM_ENV_VAR=1 ... start directory server using systemctl start dirsrv.target ps -ef|grep slapd cat /proc/pid-of-slapd/environ | tr '\0' '\n' ... KRB5_KTNAME=/etc/dirsrv/myname.keytab ... RANDOM_ENV_VAR=1 ...
Hm, in that case, the bug probably was me forgetting to follow the instructions 'if using systemd, omit the "; export VARNAME" at the end'.