[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: user mapping
On Wednesday 17 December 2003 01:31, Harald Barth wrote:
> When you use kadmin as user in REALM.COM, kadmin automatically assumes
> that you want to use kadmin as user/admin@REALM.COM.
Ok, see, I did not know this, it is not mentionned in any doc I read.
> > So, I created a second user called user/admin and I can now use kadmin
> > with no problem.
> That is the way it is normally done :-)
Great, so I guess all I have to do is create some user like admin/admin and
give the username/password to the people who need it then.
> You should be able to configure kerberos so that the power users can
> do everything with their normal logins, but I think this is a less
> secure setup because this has the effect that you have the powerful
> kerberos tickets with admin right laying around all the time. But the
> choice is yours.
I see your point and I think you're right. I want heimdal because of its
security, so I will try not to make some stupid setup that could compromise
Thanks a lot, my second question will appear soon on the list :)