Re: How to use kadmind

Leif Johansson <leifj@matematik.su.se> writes:

> However, I am at a loss as to what I have to do to get kadmin to
> work; in mit k5 (or so I have heard ;-) there are acl files
> controlling who has the right to do what in kadmin and there is a
> special keytab-file used with kadmind.

Extract the kadmin/admin key from your database and put it in a keytab
someplace. If that keytab isn't /etc/krb5.keytab, you'll have to use
the --keytab option with kadmind.

In the acl-file (normally /var/heimdal/kadmind.acl) you put whoever
you want to access the administration server:

principal flags

where flags is some combination of `change-password' (or `cpw'),
`list', `delete', `modify', `add', `get', or `all'. Some examples:

foo/admin	list,add,get
bar/admin	all,-delete
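
The ACL format described in this message can be checked with a small parser. This is an added example, not part of the original post and not Heimdal code. It assumes that a leading "-" removes a right (as the `all,-delete` entry suggests), that flags apply left to right, and that every line has exactly the two fields shown; the function names and the set of rights treated as sensitive are illustrative choices.

```python
# Added example: audit a kadmind ACL written as "principal flags".
# Assumptions: "-flag" removes a right, flags are applied left to right,
# and each non-blank line has exactly two whitespace-separated fields.

RIGHTS = {"change-password", "list", "delete", "modify", "add", "get"}
ALIASES = {"cpw": "change-password"}


def parse_flags(field):
    """Return the effective set of rights for one comma-separated flags field."""
    granted = set()
    for raw in field.split(","):
        flag = raw.strip()
        negate = flag.startswith("-")
        name = flag[1:] if negate else flag
        name = ALIASES.get(name, name)
        if name == "all":
            names = set(RIGHTS)
        elif name in RIGHTS:
            names = {name}
        else:
            raise ValueError(f"unknown flag: {raw!r}")
        granted = granted - names if negate else granted | names
    return granted


def parse_acl(text):
    """Map each principal to its effective rights; blank lines are skipped."""
    acl = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields:
            continue
        if len(fields) != 2:
            raise ValueError(f"line {lineno}: expected 'principal flags'")
        acl[fields[0]] = parse_flags(fields[1])
    return acl


def risky(acl, sensitive=("delete", "modify", "change-password")):
    """List principals holding rights that alter or remove other principals."""
    wanted = set(sensitive)
    return {p: sorted(r & wanted) for p, r in acl.items() if r & wanted}


# The two example entries from the message above.
SAMPLE = "foo/admin\tlist,add,get\nbar/admin\tall,-delete\n"

if __name__ == "__main__":
    for principal, rights in parse_acl(SAMPLE).items():
        print(principal, sorted(rights))
    print("review:", risky(parse_acl(SAMPLE)))
```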