[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Should kadmin ask for password

To: "Hai Zaar" <haizaar@gmail.com>
Subject: Re: Should kadmin ask for password
From: Love Hörnquist Åstrand <lha@kth.se>
Date: Thu, 7 Dec 2006 00:12:57 +0100
Cc: heimdal-discuss@sics.se
In-Reply-To: <cfb54190612061439p3c14dfcbpdd248880ce321d8a@mail.gmail.com>
References: <cfb54190611161000s2bd18f24j529dcb4857e68d37@mail.gmail.com> <51901B50-1569-4055-B0B0-F115FA65257E@kth.se> <cfb54190611200009o2fcd79d4ld54e0361ca02d5a6@mail.gmail.com> <1C084855-9BA6-4D9B-8A80-98795BEE599C@kth.se> <cfb54190611200148v6ffb7c8fm1b2cbf8728f209ec@mail.gmail.com> <cfb54190611230301v1ea9a8dar26ddcb7a437609b5@mail.gmail.com> <75C09B2B-F942-4053-94FF-736F9A11F7F8@kth.se> <cfb54190612060516k762c4559j477af92615f2c6c0@mail.gmail.com> <DF0F8EE9-1A23-4CDA-87A1-6E837B0E291B@kth.se> <cfb54190612061439p3c14dfcbpdd248880ce321d8a@mail.gmail.com>
Sender: owner-heimdal-discuss@sics.se

6 dec 2006 kl. 23.39 skrev Hai Zaar:

> since I do not have kadmin/admin credential in cache.

it will ask you for you password since the principal in the credental  
cache
doesn't match what it think its the default (your principal with / 
admin added).

If you specify the principal with -p it should work just fine.

$ kinit
lha@SU.SE's Password:
$ klist
Credentials cache: FILE:krb5cc_501
         Principal: lha@SU.SE

   Issued           Expires          Principal
Dec  7 00:04:57  Dec  7 10:06:00  krbtgt/SU.SE@SU.SE
Dec  7 00:04:58  Dec  7 10:06:00  afs@SU.SE

$ kadmin -p lha
kadmin> get lha
             Principal: lha@SU.SE
[...]
kadmin> ext -k /tmp/kaka host/nutcracker.it.su.se
kadmin> exit
$ klist
Credentials cache: FILE:krb5cc_501
         Principal: lha@SU.SE

   Issued           Expires          Principal
Dec  7 00:04:57  Dec  7 10:06:00  krbtgt/SU.SE@SU.SE
Dec  7 00:04:58  Dec  7 10:06:00  afs@SU.SE
Dec  7 00:05:07  Dec  7 01:05:07  kadmin/admin@SU.SE
$ kinit -t FILE:/tmp/kaka host/nutcracker.it.su.se@SU.SE
$ klist
Credentials cache: FILE:krb5cc_501
         Principal: host/nutcracker.it.su.se@SU.SE

   Issued           Expires          Principal
Dec  7 00:11:33  Dec  7 10:12:36  krbtgt/SU.SE@SU.SE
Dec  7 00:11:34  Dec  7 10:12:36  afs@SU.SE



with this in the acl file:

$ grep ^lha@ /var/heimdal/kadmind.acl
lha@SU.SE               get                     lha@SU.SE
lha@SU.SE               add,get,modify,cpw,del  host/nutcracker.it.su.se


Love

References:
- Re: Should kadmin ask for password
  - From: "Hai Zaar" <haizaar@gmail.com>
- Re: Should kadmin ask for password
  - From: Love Hörnquist Åstrand <lha@kth.se>
- Re: Should kadmin ask for password
  - From: "Hai Zaar" <haizaar@gmail.com>

Prev by Date: Re: Should kadmin ask for password
Next by Date: Certificates for PKINIT
Prev by thread: Re: Should kadmin ask for password
Next by thread: Re: kadmin return value
Index(es):
- Date
- Thread