[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: user mapping

On Wednesday 17 December 2003 01:31, Harald Barth wrote:
> When you use kadmin as user in REALM.COM, kadmin automatically assumes
> that you want to use kadmin as user/admin@REALM.COM.

Ok, see, I did not know this, it is not mentionned in any doc I read.

> > So, I created a second user called user/admin and I can now use kadmin
> > with no problem.
> That is the way it is normally done :-)

Great, so I guess all I have to do is create some user like admin/admin and 
give the username/password to the people who need it then.

> You should be able to configure kerberos so that the power users can
> do everything with their normal logins, but I think this is a less
> secure setup because this has the effect that you have the powerful
> kerberos tickets with admin right laying around all the time. But the
> choice is yours.

I see your point and I think you're right. I want heimdal because of its 
security, so I will try not to make some stupid setup that could compromise 

Thanks a lot, my second question will appear soon on the list :)