[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Should kadmin ask for password



Hi, Love!Sorry for late reply.
On 12/7/06, Love Hörnquist Åstrand <lha@kth.se> wrote:> 6 dec 2006 kl. 23.39 skrev Hai Zaar:>> > since I do not have kadmin/admin credential in cache.>> it will ask you for you password since the principal in the credental> cache> doesn't match what it think its the default (your principal with /> admin added).>> If you specify the principal with -p it should work just fine.But after 2 month in production, I can confirm that your patch worksjust fine. Thanks again!It will be great to have it included in upcoming heimdal-0.8.

>> $ kinit> lha@SU.SE's Password:> $ klist> Credentials cache: FILE:krb5cc_501>          Principal: lha@SU.SE>>    Issued           Expires          Principal> Dec  7 00:04:57  Dec  7 10:06:00  krbtgt/SU.SE@SU.SE> Dec  7 00:04:58  Dec  7 10:06:00  afs@SU.SE>> $ kadmin -p lha> kadmin> get lha>              Principal: lha@SU.SE> [...]> kadmin> ext -k /tmp/kaka host/nutcracker.it.su.se> kadmin> exit> $ klist> Credentials cache: FILE:krb5cc_501>          Principal: lha@SU.SE>>    Issued           Expires          Principal> Dec  7 00:04:57  Dec  7 10:06:00  krbtgt/SU.SE@SU.SE> Dec  7 00:04:58  Dec  7 10:06:00  afs@SU.SE> Dec  7 00:05:07  Dec  7 01:05:07  kadmin/admin@SU.SE> $ kinit -t FILE:/tmp/kaka host/nutcracker.it.su.se@SU.SE> $ klist> Credentials cache: FILE:krb5cc_501>          Principal: host/nutcracker.it.su.se@SU.SE>>    Issued           Expires          Principal> Dec  7 00:11:33  Dec  7 10:12:36  krbtgt/SU.SE@SU.SE> Dec  7 00:11:34  Dec  7 10:12:36  afs@SU.SE>>>> with!
 this in the acl file:>> $ grep ^lha@ /var/heimdal/kadmind.acl> lha@SU.SE               get                     lha@SU.SE> lha@SU.SE               add,get,modify,cpw,del  host/nutcracker.it.su.se>>> Love>>>>>

-- Zaar