[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: user mapping

To: Harald Barth <haba@pdc.kth.se>
Subject: Re: user mapping
From: Antoine Jacoutot <ajacoutot@dioranews.com>
Date: Wed, 17 Dec 2003 08:48:32 +0100
Cc: heimdal-discuss@sics.se
In-Reply-To: <20031217.013145.17750052.haba@pdc.kth.se>
References: <200312161846.51540.ajacoutot@dioranews.com> <20031217.013145.17750052.haba@pdc.kth.se>
Sender: owner-heimdal-discuss@sics.se
User-Agent: KMail/1.5.3

On Wednesday 17 December 2003 01:31, Harald Barth wrote:
> When you use kadmin as user in REALM.COM, kadmin automatically assumes
> that you want to use kadmin as user/admin@REALM.COM.

Ok, see, I did not know this, it is not mentionned in any doc I read.

> > So, I created a second user called user/admin and I can now use kadmin
> > with no problem.
>
> That is the way it is normally done :-)

Great, so I guess all I have to do is create some user like admin/admin and 
give the username/password to the people who need it then.

> You should be able to configure kerberos so that the power users can
> do everything with their normal logins, but I think this is a less
> secure setup because this has the effect that you have the powerful
> kerberos tickets with admin right laying around all the time. But the
> choice is yours.

I see your point and I think you're right. I want heimdal because of its 
security, so I will try not to make some stupid setup that could compromise 
it.

Thanks a lot, my second question will appear soon on the list :)

Antoine

Follow-Ups:
- Re: user mapping
  - From: Mans Nilsson <mansaxel@sunet.se>

References:
- user mapping
  - From: Antoine Jacoutot <ajacoutot@dioranews.com>
- Re: user mapping
  - From: Harald Barth <haba@pdc.kth.se>

Prev by Date: Re: user mapping
Next by Date: krb5_kt_add_entry: failed to add entry to (null)
Prev by thread: Re: user mapping
Next by thread: Re: user mapping
Index(es):
- Date
- Thread