[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Should kadmin ask for password

To: "=?UTF-8?Q?Love_H=C3=B6rnquist_=C3=85strand?=" <lha@kth.se>
Subject: Re: Should kadmin ask for password
From: "Hai Zaar" <haizaar@gmail.com>
Date: Tue, 20 Nov 2007 14:21:05 +0200
Cc: heimdal-discuss@sics.se
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; bh=qX1ShSMmcFHqmRF5Nh9JmaWo3DGqXW3l2I0oJgD1ymY=; b=aN8MM9Njv6WccjAxX5M8C9izllZElWY6yIie6+2nF+GUlUWhNgY9P1jShWxybaF8Q3i7ywIsE41tW9GCc6DyYA0gBTs2E7TeCtYxDt2CVVKTVcnelEWjrwSXjcqWAWEOjfdFP6vPIsJ5RYPZo0pxH4x2XbmqD7B1FRkkLW7n8Wo=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=Zfrci7DKi0J6evFhTjn+RKE0OKUpP43ABN5EDhlgTbJwrLeMP4RXzXs1O5YJaj4vISv2qmOKpvB7XclfR2KVPFlKX2TYLFOfc03MWtqq3iVynYdUWhQtcCLjUksr6kYVOTj84zZZhLJnXxpIdOnKqfXfw95N1RVmBlu9/u//f6I=
In-Reply-To: <42FC943A-C73E-466D-8CB5-8E277034A16D@kth.se>
List-Archive: <http://list.sics.se/sympa/arc/heimdal-discuss>
List-Help: <mailto:sympa@sics.se?subject=help>
List-Id: <heimdal-discuss.sics.se>
List-Owner: <mailto:heimdal-discuss-request@sics.se>
List-Post: <mailto:heimdal-discuss@sics.se>
List-Subscribe: <mailto:sympa@sics.se?subject=subscribe%20heimdal-discuss>
List-Unsubscribe: <mailto:sympa@sics.se?subject=unsubscribe%20heimdal-discuss>
References: <cfb54190611161000s2bd18f24j529dcb4857e68d37@mail.gmail.com> <cfb54190611200148v6ffb7c8fm1b2cbf8728f209ec@mail.gmail.com> <cfb54190611230301v1ea9a8dar26ddcb7a437609b5@mail.gmail.com> <75C09B2B-F942-4053-94FF-736F9A11F7F8@kth.se> <cfb54190612060516k762c4559j477af92615f2c6c0@mail.gmail.com> <DF0F8EE9-1A23-4CDA-87A1-6E837B0E291B@kth.se> <cfb54190612061439p3c14dfcbpdd248880ce321d8a@mail.gmail.com> <0C11B58F-1E19-4A9C-BEAD-7B2CC9A2F44C@kth.se> <cfb54190702280501l3ad454c9n63935562ecc23b46@mail.gmail.com> <42FC943A-C73E-466D-8CB5-8E277034A16D@kth.se>
Reply-To: heimdal-discuss@sics.se, "Hai Zaar" <haizaar@gmail.com>

It looks like the bug is back. In the nutshell.
#> kinit haizaarhaizaar@DOMAIN.COM password:#> kadmin -p haizaar list haizaarhaizaar@DOMAIN.COM password:Love cooked a patch to alter kadmin behavior - if principal isspecified explicitly, then use it and do not add /admin, etc.(http://www.mail-archive.com/heimdal-discuss@sics.se/msg00168.html)It looks like the patch was merged upstream.
Although now I'm migrating from 0.7.2 to heimdal-1.0.1 and the problempopped out again.
Here is the thead

On Apr 21, 2007 10:17 PM, Love Hörnquist Åstrand <lha@kth.se> wrote:> Hello Hai,>> Check old marked email., Did I manged to include the delta in the> heimdal 0.8(.1) release ?>> Love>>> 28 feb 2007 kl. 14.01 skrev Hai Zaar:>>> > Hi, Love!> > Sorry for late reply.> >> > On 12/7/06, Love Hörnquist Åstrand <lha@kth.se> wrote:> >> 6 dec 2006 kl. 23.39 skrev Hai Zaar:> >>> >> > since I do not have kadmin/admin credential in cache.> >>> >> it will ask you for you password since the principal in the credental> >> cache> >> doesn't match what it think its the default (your principal with /> >> admin added).> >>> >> If you specify the principal with -p it should work just fine.> > But after 2 month in production, I can confirm that your patch works> > just fine. Thanks again!> > It will be great to have it included in upcoming heimdal-0.8.> >> >> >>> >> $ kinit> >> lha@SU.SE's Password:> >> $ klist> >> Credentials cache: FILE:krb5cc_501> >>          Principal: lha@SU.SE> >>> >>    Issued           Expires          Principal> >> Dec  7 00:04:57  Dec  7 10:06:00  krbtgt/SU.SE@SU.SE> >> Dec  7 00:04:58  Dec  7 10:06:00  afs@SU.SE> >>> >> $ kadmin -p lha> >> kadmin> get lha> >>              Principal: lha@SU.SE> >> [...]> >> kadmin> ext -k /tmp/kaka host/nutcracker.it.su.se> >> kadmin> exit> >> $ klist> >> Credentials cache: FILE:krb5cc_501> >>          Principal: lha@SU.SE> >>> >>    Issued           Expires          Principal> >> Dec  7 00:04:57  Dec  7 10:06:00  krbtgt/SU.SE@SU.SE> >> Dec  7 00:04:58  Dec  7 10:06:00  afs@SU.SE> >> Dec  7 00:05:07  Dec  7 01:05:07  kadmin/admin@SU.SE> >> $ kinit -t FILE:/tmp/kaka host/nutcracker.it.su.se@SU.SE> >> $ klist> >> Credentials cache: FILE:krb5cc_501> >>          Principal: host/nutcracker.it.su.se@SU.SE> >>> >>    Issued           Expires          Principal> >> Dec  7 00:11:33  Dec  7 10:12:36  krbtgt/SU.SE@SU.SE> >> Dec  7 00:11:34  Dec  7 10:12:36  afs@SU.SE> >>> >>> >>> >> with this in the acl file:> >>> >> $ grep ^lha@ /var/heimdal/kadmind.acl> >> lha@SU.SE               get                     lha@SU.SE> >> lha@SU.SE               add,get,modify,cpw,del  host/> >> nutcracker.it.su.se> >>> >>> >> Love> >>> >>> >>> >>> >>> >> >> > --> > Zaar>>


-- Zaar

Prev by Date: Re: Difference in handling SPNEGO tokens between heimdal 0.7.2 ,0.8.1 and 1.0.1
Next by Date: The Right Picks
Prev by thread: International Postcode Promotion 2007.Your Email I. D . Has won.
Next by thread: The Right Picks
Index(es):
- Date
- Thread