[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: How to use kadmind

To: Leif Johansson <leifj@matematik.su.se>
Subject: Re: How to use kadmind
From: joda@pdc.kth.se (Johan Danielsson)
Date: 08 Oct 1998 09:49:49 +0200
Cc: heimdal-discuss@sics.se
In-Reply-To: Leif Johansson's message of "Thu, 08 Oct 1998 08:53:59 +0200"
References: <199810080653.IAA01727@trurl.matematik.su.se>
Sender: owner-heimdal-discuss@sics.se

Leif Johansson <leifj@matematik.su.se> writes:

> However, I am at a loss as to what I have to do to get kadmin to
> work; in mit k5 (or so I have heard ;-) there are acl files
> controlling who has the right to do what in kadmin and there is a
> special keytab-file used with kadmind.

Extract the kadmin/admin key from your database and put it in a keytab
someplace. If that keytab isn't /etc/krb5.keytab, you'll have to use
the --keytab option with kadmind.

In the acl-file (normally /var/heimdal/kadmind.acl) you put whoever
you want to access the administration server:

principal flags

where flags is some combination of `change-password' (or `cpw'),
`list', `delete', `modify', `add', `get', or `all'. Some examples:

foo/admin	list,add,get
bar/admin	all,-delete

/Johan

References:
- How to use kadmind
  - From: Leif Johansson <leifj@matematik.su.se>

Prev by Date: How to use kadmind
Next by Date: various thingys
Prev by thread: How to use kadmind
Next by thread: various thingys
Index(es):
- Date
- Thread