Re: Extract Keytab permissions
> On Mar 15, 2005, at 2:14 PM, Love Hörnquist Åstrand wrote:
> >
> > "Henry B. Hotz" <hotz@jpl.nasa.gov> writes:
> >
> >> What I don't understand is ext_keytab. I don't see how that command
> >> is protected, or what permission it uses.
> >>
> >> What I'd like to do is specify an "admin" account that's allowed to
> >> get expiration dates and maybe enctypes for everybody, but can't
> >> extract a keytab for (and impersonate) anybody. In other terms: the
> >> metadata is OK, but the keys aren't.
> >
> > I've got a patch that I've been meaning to integrate any month
> > now. It adds a new keyword "key" to the ACL table.
Love,
do you have another patch like this so that a user can view his/her
own but no other KDC entry, just as was the case in AFS?
"kas examine" worked for your own account. To view others you needed
to have the ADMIN flag set.
It was always handy that users could get the age of their own password.
Thanks,
Alf.
-----------------------------------------------------------------------
Alf Wachsmann | e-mail: alfw@slac.stanford.edu
SLAC Computing Service | Phone: +1-650-926-4802
2575 Sand Hill Road, M/S 97 | FAX: +1-650-926-3329
Menlo Park, CA 94025, USA | Office: Bldg. 50/323
-----------------------------------------------------------------------
http://www.slac.stanford.edu/~alfw (PGP)
-----------------------------------------------------------------------