kadmin remote as a regular user
Rainer Krienke
krienke at uni-koblenz.de
Thu Apr 2 03:02:46 EDT 2015
Am 01.04.2015 um 18:04 schrieb Benjamin Kaduk:
> On Wed, 1 Apr 2015, Rainer Krienke wrote:
>
>> The ACL file /var/lib/kerberos/krb5kdc/kadm5.acl on the server looks
>> like this:
>> #
>> admin/admin *
>> kadmin/admin *
>> kadmin/admin at MYREALM.DE *
>> john/admin *
>> john/admin at MYREALM.DE *
>
> Did you restart kadmind after changing the kadm5.acl?
>
> -Ben Kaduk
>
Hello Ben,
thanks for the hint. I did restart using the init scripts in
/etc/init.d/ krb524d and krb5kdc but actually didn't see that there is
one more that needs to be restarted after ACL changes:
/etc/init.d/kadmind :-;
Now kadmin works as expected.
Thank you Ben and everyone else who replied very much for your help.
Rainer
--
Rainer Krienke, Uni Koblenz, Rechenzentrum, A22, Universitaetsstrasse 1
56070 Koblenz, http://userpages.uni-koblenz.de/~krienke, Tel: +49261287 1312
PGP: http://userpages.uni-koblenz.de/~krienke/mypgp.html,Fax: +49261287
1001312
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5065 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mailman.mit.edu/pipermail/kerberos/attachments/20150402/72b0efb4/attachment.bin
More information about the Kerberos
mailing list