[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: user mapping

On Wednesday 17 December 2003 13:23, you wrote:
> Technically these are different instances of the same user, but I
> understand what you mean. No, you can't make them the same, but you
> can authenticate to the kadmin server with your regular principal, you
> just have to use kadmin -p user@REALM.

Great, this is exactly what I was looking for, thanks :)

> One reason to use a separate admin account, is that you can enforce
> more strict controls on them, like password length, max ticket life,
> etc. I would advise against using just one shared admin account, as
> this would make tracing impossible. Also if the password is
> compromised, or if people quit, you will have to tell everyone the new
> password, which if nothing else takes a lot of time.

I can understand that and will then try to avoy that solution.
Once again, thank you.