
Re: heimdal-0.7.1rc2 // hoh.2




Hello list members, hello Love!

The context is still the same.

On Fri, 12 Aug 2005, Love Hörnquist Åstrand wrote:
|
|kadmind requires initial credentials, so if you want to not type the
|password for each request, you have to get initial tickets before trying.
|
|kinit -S kadmin/admin@SU.SE -p lha/admin@SU.SE
|kadmin -p lha/admin

Thank you very much for your fast response!
Yes, you are right, for "user/admin" your hint works fine.

But (maybe I'm totally mixed up) I think it is still not perfect,
since I can't manage to get the same result w/o the 'admin' instance.

All I want/need is this:
(1) authenticate as a user known to be afsadmin (and kerberos admin)
(2) do 'bulk' operations on both, the afs-world AND kerberos.
We need this to set up or remove bundles of users.
The AFS-ACL, the Fileserver and the PTS still know the afsadmins, so I
try to adjust the new component 'heimdal' to fit in as a replacement for
KAS.

Here you can see what I got; maybe I have another stupid error:

-----------------------8<-----------------------8<-----------------------
# cat /var/heimdal/kadmind.acl
admin/admin     all
user1/admin     all
feiler          all
rzfeiler        all

# kinit -S kadmin/admin@UNI-HOHENHEIM.DE -p feiler
feiler@UNI-HOHENHEIM.DE's Password:
# klist
Credentials cache: FILE:/tmp/krb5cc_0
        Principal: feiler@UNI-HOHENHEIM.DE

  Issued           Expires          Principal
Aug 13 00:00:15  Aug 14 01:00:15  kadmin/admin@UNI-HOHENHEIM.DE

# # # No AFS-ticket any more.

# kadmin -p feiler list '*feiler*'
feiler@UNI-HOHENHEIM.DE's Password:
feiler
feilert
rzfeiler

# kadmin  list '*feiler*'
feiler/admin@UNI-HOHENHEIM.DE's Password:
kadmin: kadm5_get_principals: Client (feiler/admin@UNI-HOHENHEIM.DE) unknown

# kadmin -p feiler
kadmin> list feiler*
feiler@UNI-HOHENHEIM.DE's Password:
feiler
feilert
kadmin> quit
-----------------------8<-----------------------8<-----------------------

As you see, I'm still asked for a password.
Trying it with an instance ('user1/admin') works just fine.

I'm somewhat clueless and would be very pleased if someone could give
me a further hint on my bulk problem.

Thank You!


I am happy to answer any questions, but prefer to be contacted
by telephone (3949 or +49 (0)179 6954907).  Thank you.


Respectfully and with kind regards,   M. Feiler


----
  Computer viruses are much like various sexually transmitted
  diseases: you usually CATCH them when you are too careless
  and too unprotected in your contacts.

PGP public key & Homepage: http://www.uni-hohenheim.de/~feiler