
Re: Should kadmin ask for password



On Dec 5, 2007 7:19 AM, Love Hörnquist Åstrand <lha@kth.se> wrote:
> Hello Hai,
>
> Yes, I re-added the bug somewhere in between to fix another problem
> with the patch.
>
> Can you check if 1.0.2-RC5 fixes your problem, I think it should.
No luck :(
Attaching working patch for 1.0.1. I've actually merged 0.7.2 patch
you've cooked in March without really understanding what's going on.

>
> Love
>
>
>
> 20 nov 2007 kl. 04.21 skrev Hai Zaar:
>
>
> > It looks like the bug is back. In a nutshell:
> >
> > #> kinit haizaar
> > haizaar@DOMAIN.COM password:
> > #> kadmin -p haizaar list haizaar
> > haizaar@DOMAIN.COM password:
> > Love cooked a patch to alter kadmin behavior - if principal is
> > specified explicitly, then use it and do not add /admin, etc.
> > (http://www.mail-archive.com/heimdal-discuss@sics.se/msg00168.html)
> > It looks like the patch was merged upstream.
> >
> > Although now I'm migrating from 0.7.2 to heimdal-1.0.1 and the problem
> > popped out again.
> >
> > Here is the thread
> >
> >
> > On Apr 21, 2007 10:17 PM, Love Hörnquist Åstrand <lha@kth.se> wrote:
> >> Hello Hai,
> >>
> >> Check old marked email. Did I manage to include the delta in the
> >> heimdal 0.8(.1) release ?
> >>
> >> Love
> >>
> >>
> >> 28 feb 2007 kl. 14.01 skrev Hai Zaar:
> >>
> >>
> >>> Hi, Love!
> >>> Sorry for late reply.
> >>>
> >>> On 12/7/06, Love Hörnquist Åstrand <lha@kth.se> wrote:
> >>>> 6 dec 2006 kl. 23.39 skrev Hai Zaar:
> >>>>
> >>>>> since I do not have kadmin/admin credential in cache.
> >>>>
> >>>> it will ask you for your password since the principal in the
> >>>> credential cache doesn't match what it thinks is the default
> >>>> (your principal with /admin added).
> >>>>
> >>>> If you specify the principal with -p it should work just fine.
> >>> But after 2 months in production, I can confirm that your patch works
> >>> just fine. Thanks again!
> >>> It will be great to have it included in upcoming heimdal-0.8.
> >>>
> >>>
> >>>>
> >>>> $ kinit
> >>>> lha@SU.SE's Password:
> >>>> $ klist
> >>>> Credentials cache: FILE:krb5cc_501
> >>>>         Principal: lha@SU.SE
> >>>>
> >>>>   Issued           Expires          Principal
> >>>> Dec  7 00:04:57  Dec  7 10:06:00  krbtgt/SU.SE@SU.SE
> >>>> Dec  7 00:04:58  Dec  7 10:06:00  afs@SU.SE
> >>>>
> >>>> $ kadmin -p lha
> >>>> kadmin> get lha
> >>>>             Principal: lha@SU.SE
> >>>> [...]
> >>>> kadmin> ext -k /tmp/kaka host/nutcracker.it.su.se
> >>>> kadmin> exit
> >>>> $ klist
> >>>> Credentials cache: FILE:krb5cc_501
> >>>>         Principal: lha@SU.SE
> >>>>
> >>>>   Issued           Expires          Principal
> >>>> Dec  7 00:04:57  Dec  7 10:06:00  krbtgt/SU.SE@SU.SE
> >>>> Dec  7 00:04:58  Dec  7 10:06:00  afs@SU.SE
> >>>> Dec  7 00:05:07  Dec  7 01:05:07  kadmin/admin@SU.SE
> >>>> $ kinit -t FILE:/tmp/kaka host/nutcracker.it.su.se@SU.SE
> >>>> $ klist
> >>>> Credentials cache: FILE:krb5cc_501
> >>>>         Principal: host/nutcracker.it.su.se@SU.SE
> >>>>
> >>>>   Issued           Expires          Principal
> >>>> Dec  7 00:11:33  Dec  7 10:12:36  krbtgt/SU.SE@SU.SE
> >>>> Dec  7 00:11:34  Dec  7 10:12:36  afs@SU.SE
> >>>>
> >>>>
> >>>>
> >>>> with this in the acl file:
> >>>>
> >>>> $ grep ^lha@ /var/heimdal/kadmind.acl
> >>>> lha@SU.SE               get                     lha@SU.SE
> >>>> lha@SU.SE               add,get,modify,cpw,del  host/nutcracker.it.su.se
> >>>>
> >>>>
> >>>> Love
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>
> >>>
> >>>
> >>> --
> >>> Zaar
> >>
> >>
> >
> >
> >
> > --
> > Zaar
>
>



-- 
Zaar

heimdal-1.0.1-kadmin-do-not-mess-with-instance-3.patch