Re: slapd/slurpd replication log not written to

[Juliet Kemp <j.kemp@imperial.ac.uk>]

Quanah Gibson-Mount wrote:
> --On Thursday, August 10, 2006 5:27 PM +0100 Juliet Kemp 
> <j.kemp@imperial.ac.uk> wrote:
>
> > Unfortunately, it seems that it's not possible to have 2 Kerberos tickets
> > active at the same time.
>
> I ran my servers this way for years and didn't have any such problem.  
> All you need to do is have a slurpd init script that sets the KRB5CCNAME 
> variable to point to a file other than *your* ticket cache.  Otherwise, 
> yes, getting a new ticket will blow away the existing ticket cache, 
> which you don't want.  And then only start/stop slurpd with the init 
> script.  For example, mine had:
>
> KRB5CCNAME="FILE:/tmp/ldap_replicator.tkt"
> export KRB5CCNAME
>
> And then I set up k5start to keep /tmp/ldap_replicator.tkt renewed with 
> the Kerberos principal in the keytab for slurpd replication.

Thanks again - I have now set this up as you suggest & all is working great!


Many thanks for all the help.


Juliet

--
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ Ms Juliet Kemp                                                +
+ Computer Manager		            star@imperial.ac.uk         +
+ Astrophysics Group                                            +
+ Imperial College                  Tel: +44 (0)20759 47538     +
+ London. SW7 2AZ                   Fax: +44 (0)20759 47541     +
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++