
No Subject



Hi all.

I got no reply, hell, I got no mail from this list (I am regularly subscribed). Well, anybody got an idea on how to set up Kadmin Daemon to allow remote administration of one host with multiple realms?

From what I've managed to understand so far, if one (KDC)/KadminD handles multiple realms, then only the admin from the "main" realm can do anything. By "main" realm, I'm referring to the one linked to that host on the DNS, like this:

;
; Tying host to the "main" realm
;
_kerberos.legba                 IN      TXT     "TEST.EV.CO.YU"

_kerberos._udp.legba            IN      SRV     0 0 88 Legba
_kerberos-master._udp.legba     IN      SRV     0 0 88 Legba
_kerberos-adm._tcp.legba        IN      SRV     0 0 749 Legba
_kpasswd._udp.legba             IN      SRV     0 0 464 Legba
;
; second realm on the same host
;
_kerberos._udp.test             IN      SRV     0 0 88  Legba
_kerberos-master._udp.test      IN      SRV     0 0 88  Legba
_kerberos-adm._tcp.test         IN      SRV     0 0 749 Legba
_kpasswd._udp.test              IN      SRV     0 0 464 Legba

Now, admin/admin@LEGBA.EV.CO.YU can administer the DB and admin/admin@TEST.EV.CO.YU cannot, although they are both listed in the kadmind.acl. BTW, when I omit "realm = ..." from "database" element in the [kdc] section, kadmind looks at the correct place - ACL file defined in the "database" element. What is the purpose of that attribute at all?

Please, if you answer, do a CC to Nikola.Milutinovic@ev.co.yu.

Nix.