[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Should kadmin ask for password

To: "=?UTF-8?Q?Love_H=C3=B6rnquist_=C3=85strand?=" <lha@kth.se>
Subject: Re: Should kadmin ask for password
From: "Hai Zaar" <haizaar@gmail.com>
Date: Wed, 28 Feb 2007 15:01:53 +0200
Cc: heimdal-discuss@sics.se
DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=evRO7/H8Kom0HGD83TAHrjgb23P/fPYQLxjthHQc65cb5wRlr/vnaeLrA4F85+tv9rSFdvR6DaPyPIUskQzh7SMd5t/Mlf9hRMAc0uCTT8mVd6J+6/bMR/vdBm4cxBYZ5pIvQnfL3B9XWRJTPvgyIXIsliTaRdrZyao0KHHbyw8=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=WwL1Qt/TCGpE4wX2jiyCrea5JfvUKKHU7Lc9ZKK68rJrc7qwTJE+uAOa2Cr1yKNUXDiMPeqpCd0LZlja0SIPRllgF2exhnBm/rVkK4cFGKabzbTpYqXkAucuEVDN4rk5qbZovUqAKIInLjlW7UeDIVMBd0r5Ug6FJlDzJi5Li18=
In-Reply-To: <0C11B58F-1E19-4A9C-BEAD-7B2CC9A2F44C@kth.se>
References: <cfb54190611161000s2bd18f24j529dcb4857e68d37@mail.gmail.com> <cfb54190611200009o2fcd79d4ld54e0361ca02d5a6@mail.gmail.com> <1C084855-9BA6-4D9B-8A80-98795BEE599C@kth.se> <cfb54190611200148v6ffb7c8fm1b2cbf8728f209ec@mail.gmail.com> <cfb54190611230301v1ea9a8dar26ddcb7a437609b5@mail.gmail.com> <75C09B2B-F942-4053-94FF-736F9A11F7F8@kth.se> <cfb54190612060516k762c4559j477af92615f2c6c0@mail.gmail.com> <DF0F8EE9-1A23-4CDA-87A1-6E837B0E291B@kth.se> <cfb54190612061439p3c14dfcbpdd248880ce321d8a@mail.gmail.com> <0C11B58F-1E19-4A9C-BEAD-7B2CC9A2F44C@kth.se>
Sender: owner-heimdal-discuss@sics.se

Hi, Love!Sorry for late reply.
On 12/7/06, Love Hörnquist Åstrand <lha@kth.se> wrote:> 6 dec 2006 kl. 23.39 skrev Hai Zaar:>> > since I do not have kadmin/admin credential in cache.>> it will ask you for you password since the principal in the credental> cache> doesn't match what it think its the default (your principal with /> admin added).>> If you specify the principal with -p it should work just fine.But after 2 month in production, I can confirm that your patch worksjust fine. Thanks again!It will be great to have it included in upcoming heimdal-0.8.

>> $ kinit> lha@SU.SE's Password:> $ klist> Credentials cache: FILE:krb5cc_501>          Principal: lha@SU.SE>>    Issued           Expires          Principal> Dec  7 00:04:57  Dec  7 10:06:00  krbtgt/SU.SE@SU.SE> Dec  7 00:04:58  Dec  7 10:06:00  afs@SU.SE>> $ kadmin -p lha> kadmin> get lha>              Principal: lha@SU.SE> [...]> kadmin> ext -k /tmp/kaka host/nutcracker.it.su.se> kadmin> exit> $ klist> Credentials cache: FILE:krb5cc_501>          Principal: lha@SU.SE>>    Issued           Expires          Principal> Dec  7 00:04:57  Dec  7 10:06:00  krbtgt/SU.SE@SU.SE> Dec  7 00:04:58  Dec  7 10:06:00  afs@SU.SE> Dec  7 00:05:07  Dec  7 01:05:07  kadmin/admin@SU.SE> $ kinit -t FILE:/tmp/kaka host/nutcracker.it.su.se@SU.SE> $ klist> Credentials cache: FILE:krb5cc_501>          Principal: host/nutcracker.it.su.se@SU.SE>>    Issued           Expires          Principal> Dec  7 00:11:33  Dec  7 10:12:36  krbtgt/SU.SE@SU.SE> Dec  7 00:11:34  Dec  7 10:12:36  afs@SU.SE>>>> with!
 this in the acl file:>> $ grep ^lha@ /var/heimdal/kadmind.acl> lha@SU.SE               get                     lha@SU.SE> lha@SU.SE               add,get,modify,cpw,del  host/nutcracker.it.su.se>>> Love>>>>>

-- Zaar

Prev by Date: Re: Heimdal and nfs-utils
Next by Date: Re: Heimdal and nfs-utils
Prev by thread: Re: Heimdal and nfs-utils
Index(es):
- Date
- Thread