Extract Keytab permissions
I'm having difficulty disentangling the permissions structure for
kadmin[d]. Mostly it's pretty straightforward. One permission from
kadmind.acl maps to one admin command.

What I don't understand is ext_keytab. I don't see how that command is
protected, or what permission it uses.

What I'd like to do is specify an "admin" account that's allowed to get
expiration dates and maybe enctypes for everybody, but can't extract a
keytab for (and impersonate) anybody. In other terms: the metadata is
OK, but the keys aren't.
------------------------------------------------------------------------
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu