[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Implicit kadmin privs for pricipals


the kadmind man page says:
"Principals are always allowed to change their own password and list
their own principal."

Listing does not work in our version on Heimdal (an old snapshot):

/opt/heimdal/sbin/kadmin -p alfw list  alfw
alfw@SLAC.STANFORD.EDU's Password:
kadmin: get alfw: Operation requires `get' privilege

Looking through heimdal-20070117, the code in lib/kadm5/acl.c has
not changed compared to our version.

Is there something broken?

Many thanks,

  Alf Wachsmann                       | e-mail: alfw@slac.stanford.edu
  SLAC - Scientific Computing         | Phone:  +1-650-926-4802
  2575 Sand Hill Road, M/S 97         | FAX:    +1-650-926-3329
  Menlo Park, CA 94025, USA           | Office: Bldg. 50/323
                http://www.slac.stanford.edu/~alfw (PGP)