[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: kadmin prompts for passwd

> Er, that's how it's supposed to work and how it has always worked.  If

Nope. That's not how it used to work.

> you really do want to put your KDC at risk in the name of convenience,
> use "kinit -S kadmin/admin foo/admin" to get a ticket that will enable

And I definitely never did this (this is on another realm):

foo@host 23:07:32 ~> kdestroy
foo@host 23:07:32 ~> kinit foo/admin
foo/admin@TFY.UTU.FI's Password: 
foo@host 23:07:44 ~> kadmin get bar
            Principal: bar@REALM

> password-less kadmin (and likewise enable it for anyone who can get at
> your ticket file --- which is why kadmin prompts).

Ok. I can see the point here. But now I'm troubled: you claim it always asks 
and has always asked password, but it is not what I observe. Either of the 
realms must have something very strange going on. From your reply, it sounds 
like the one which does not ask for passwords is behaving strangely. Only the 
question "why" remains!

BTW, I rather liked the single-sign-on -behaviour of Heimdal, including 
kadmin, but you raised a good point and I'll need to reconsider.


		| Juha Jäykkä, juolja@utu.fi			|
		| home: http://www.utu.fi/~juolja/		|

Content-Type: application/pgp-signature; nameÂgnature.asc
Content-Description: This is a digitally signed message part.

Version: GnuPG v1.4.6 (GNU/Linux)