[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: heimdal-0.7.1rc2 // hoh.2

Hello list member , hello Love!

The context is still the same .

On Fri, 12 Aug 2005, Love Hörnquist Åstrand wrote:
|kadmind requires initial credential, so you if you want to not type the
|password for each requests, you have to get initial tickets before trying.
|kinit -S kadmin/admin@SU.SE -p lha/admin@SU.SE
|kadmin -p lha/admin

Thank You very much for your fast responce!
Yes, You are right, for "user/admin" Your hint works fine.

But (maybe I'm totaly mixed) I think it is still not perfect
since I can't manage to get the same result w/o the 'admin' instance.

All I want/need is this :
(1) auhthenticate as a user known to be afsadmin (and kerberos admin)
(2) do 'bulk' operation  to both , the afs-world AND kerberos.
We need this for set up or remove bundle of users.
The AFS-ACL, the Fileserver and the PTS still know the  afsadmins, so I
try  to adjust the new component 'heimdal' to fit in as a replace for

Here you can see what i got, maybe I have an other stupid error :

# cat /var/heimdal/kadmind.acl
admin/admin     all
user1/admin     all
feiler          all
rzfeiler        all

# kinit -S kadmin/admin@UNI-HOHENHEIM.DE -p feiler
feiler@UNI-HOHENHEIM.DE's Password:
# klist
Credentials cache: FILE:/tmp/krb5cc_0
        Principal: feiler@UNI-HOHENHEIM.DE

  Issued           Expires          Principal
Aug 13 00:00:15  Aug 14 01:00:15  kadmin/admin@UNI-HOHENHEIM.DE

# # # No AFS-ticket any more.

# kadmin -p feiler list '*feiler*'
feiler@UNI-HOHENHEIM.DE's Password:

# kadmin  list '*feiler*'
feiler/admin@UNI-HOHENHEIM.DE's Password:
kadmin: kadm5_get_principals: Client (feiler/admin@UNI-HOHENHEIM.DE) unknown

# kadmin -p feiler
kadmin> list feiler*
feiler@UNI-HOHENHEIM.DE's Password:
kadmin> quit

As You see, I'm still asked for a password.
Trying it  with an instance ('user1/admin') works just fine.

I'm somewhat clueless and would be very pleased if one coud give
me a further hint on my bulk-problem.

Thank You!

Fuer Rueckfragen stehe ich Ihnen gerne zur Verfuegung, bevorzuge jedoch
telefonische Kontaktaufnahme ( 3949 oder +49 (0)179 6954907 ).  Danke.

Hochachtungsvoll und mit freundlichen Gruessen   M.Feiler

  Mit Computerviren verhaelt es sich so, wie mit verschiedenen
  Geschlechtskrankheiten:  Meist HOLT man sie sich wenn man
  zu leichtsinnig zu ugeschuetzt  verkehrt.

PGP public key &  Homepage   :  http://www.uni-hohenheim.de/~feiler