How to configure advanced kadmind logging in Solaris
Monday Nov 03, 2008
After some experimenting and reading the source, I've determined that kadmind does support writing to and rotating its own log, separate from the krb5kdc log (by default kadmind logs to the log used by krb5kdc). To configure this, edit /etc/krb5/krb5.conf and add:
    admin_server = FILE:/var/krb5/kadmin.log
    admin_server_rotate = {
        period = 1d
        versions = 10
    }
in the [logging] section. Unfortunately, admin_server_rotate is not properly documented in the krb5.conf man page, but it works basically the same way as the kdc_rotate parameter, which is documented in man krb5.conf.
To configure the KDC and kadmind to log to separate files, use something like:
    [logging]
        # commenting out default so kadmind will log to a separate file
        # default = FILE:/var/krb5/kdc.log
        kdc = FILE:/var/krb5/kdc.log
        kdc_rotate = {
            # How often to rotate kdc.log. Logs will get rotated no more
            # often than the period, and less often if the KDC is not used
            # frequently.
            period = 1d
            # how many versions of kdc.log to keep around (kdc.log.0, kdc.log.1, ...)
            versions = 10
        }
        # controls kadmind logging
        admin_server = FILE:/var/krb5/kadmin.log
        admin_server_rotate = {
            period = 1d
            versions = 10
        }
This is the supported way to rotate the krb5kdc and kadmind logs. Also note that the kdc.conf man page is in error regarding the logging section. Use krb5.conf to control KDC logging instead.
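A quick way to check an existing krb5.conf against the layout above, as an added example that is not part of the original post or of Solaris: the function names parse_logging and audit_logging are hypothetical, both sample configs are constructed, and the parser handles only the syntax shown on this page (key = value lines, # comments and { } stanzas).

```python
import re
# Constructed samples: the layout recommended on this page, then a shared-log config.
SEPARATE = """
[logging]
# default = FILE:/var/krb5/kdc.log
kdc = FILE:/var/krb5/kdc.log
kdc_rotate = {
    period = 1d
    versions = 10
}
admin_server = FILE:/var/krb5/kadmin.log
admin_server_rotate = {
    period = 1d
    versions = 10
}
"""
SHARED = "[logging]\ndefault = FILE:/var/krb5/kdc.log\nkdc = FILE:/var/krb5/kdc.log\n"

def parse_logging(text):
    """Return [logging] as {key: value}; rotate stanzas become nested dicts."""
    out, section, block = {}, None, None
    lines = (raw.strip() for raw in text.splitlines())
    for line in (l for l in lines if l and not l.startswith("#")):
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section, block = header.group(1), None
        elif section == "logging" and line == "}":
            block = None
        elif section == "logging":
            key, _, value = (p.strip() for p in line.partition("="))
            if value == "{":
                block = out.setdefault(key, {})
            else:
                (out if block is None else block)[key] = value
    return out

def audit_logging(text):
    """List deviations from the page's separate-file, rotated layout."""
    log, findings = parse_logging(text), []
    if "default" in log:  # the page comments this out so kadmind logs separately
        findings.append("default is active")
    if "admin_server" not in log:
        findings.append("admin_server not set")
    elif log["admin_server"] == log.get("kdc"):
        findings.append("kadmind shares the KDC log file")
    for name in ("kdc_rotate", "admin_server_rotate"):
        stanza = log.get(name) if isinstance(log.get(name), dict) else {}
        findings += [f"{name} lacks {f}" for f in ("period", "versions") if f not in stanza]
    return findings
```

To check a live system, call audit_logging(open("/etc/krb5/krb5.conf").read()); an empty list means the file matches the layout shown above.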










