<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.2600.0" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><FONT face=Arial size=2>Check your kadm5.acl.</FONT></DIV>
<DIV><FONT face=Arial size=2>It should contain something like the
following:</FONT></DIV>
<DIV><FONT face=Arial size=2><A
href="mailto:admin/admin@TEST.COM">admin/admin@TEST.COM</A>
*</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>It is built like this:</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>Principal and what the principal is allowed to
do.</FONT></DIV>
<DIV><FONT face=Arial size=2>Wildcards are allowed.</FONT></DIV>
<DIV><FONT face=Arial size=2>So */admin is also possible. And you should be
aware of the principal that starts kadmin.</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>Klaas</FONT></DIV>
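<DIV><FONT face=Arial size=2>Added example, not part of the original messages and not MIT's code: a simplified Python model of how a kadm5.acl in the two-column form described above decides which privileges a principal gets. It assumes the documented MIT conventions (first matching line wins, "*" matches one name component, lowercase letters grant and uppercase letters revoke); the sample ACL and all function names are constructed for illustration.</FONT></DIV>
<PRE>
```python
# Added example: simplified model of kadm5.acl evaluation, not MIT's code.
ALL = set("admcilsp")            # assumed expansion of "*" and "x"
KNOWN = ALL | {"e"}              # "e" (extract keys) is not part of "*"

# Constructed sample ACL in the two-column form shown in the reply.
SAMPLE_ACL = """\
# principal             permissions
admin/admin@TEST.COM    *
*/admin@TEST.COM        il
"""

def split_principal(name, default_realm):
    """Return (components, realm); unqualified names get default_realm."""
    primary, sep, realm = name.partition("@")
    return primary.split("/"), (realm if sep else default_realm)

def principal_matches(pattern, principal, default_realm):
    """Component-wise match: a "*" component matches any one component."""
    if pattern == "*":
        return True
    p_comps, p_realm = split_principal(pattern, default_realm)
    comps, realm = split_principal(principal, default_realm)
    if len(p_comps) != len(comps):
        return False
    pairs = list(zip(p_comps, comps)) + [(p_realm, realm)]
    return all(p == "*" or p == c for p, c in pairs)

def parse_permissions(spec):
    """Lowercase letters grant, uppercase letters revoke, left to right."""
    granted = set()
    for ch in spec:
        bits = ALL if ch in "*xX" else {ch.lower()}
        if not bits.issubset(KNOWN):
            raise ValueError("unknown permission letter: " + ch)
        granted = granted - bits if ch.isupper() else granted | bits
    return granted

def effective_permissions(acl_text, principal, default_realm="TEST.COM"):
    """Permissions of the first matching line; empty set if none matches."""
    for line in acl_text.splitlines():
        fields = line.split()
        if len(fields) in (0, 1) or fields[0].startswith("#"):
            continue                      # blank, malformed or comment line
        # Target and restriction columns (fields[2:]) are not modelled here.
        if principal_matches(fields[0], principal, default_realm):
            return parse_permissions(fields[1])
    return set()

def missing_privileges(acl_text, principal, needed):
    """Letters from needed that the principal is not granted."""
    return sorted(set(needed) - effective_permissions(acl_text, principal))
```
</PRE>
<DIV><FONT face=Arial size=2>Calling missing_privileges(SAMPLE_ACL, "saratha@TEST.COM", "la") shows which of the list and add privileges a principal lacks when no ACL line matches the name kadmin was started with.</FONT></DIV>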
<BLOCKQUOTE dir=ltr
style="PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV style="FONT: 10pt arial">----- Original Message ----- </DIV>
<DIV
style="BACKGROUND: #e4e4e4; FONT: 10pt arial; font-color: black"><B>From:</B>
<A title=sarathakn@hotpop.com href="mailto:sarathakn@hotpop.com">saratha</A>
</DIV>
<DIV style="FONT: 10pt arial"><B>To:</B> <A title=kerberos@mit.edu
href="mailto:kerberos@mit.edu">kerberos@mit.edu</A> </DIV>
<DIV style="FONT: 10pt arial"><B>Sent:</B> Monday, August 05, 2002 11:10
PM</DIV>
<DIV style="FONT: 10pt arial"><B>Subject:</B> problem in adding principal
using kadmin from kerberized server</DIV>
<DIV><BR></DIV>
<DIV><FONT face=Arial size=2>Hello all,</FONT></DIV>
<DIV><FONT face=Arial size=2>
I am having a problem using Kerberos kadmin to add a
principal to the database from a kerberized server. The steps I followed to set up
the master KDC are:</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>1. kdb5_util create -r TEST.COM
-s</FONT></DIV>
<DIV><FONT face=Arial size=2>2. kadmin.local -q "addprinc <A
href="mailto:admin/admin@TEST.COM">admin/admin@TEST.COM</A>"</FONT></DIV>
<DIV><FONT face=Arial size=2>3. In kadmin.local: </FONT></DIV>
<DIV><FONT face=Arial size=2>
ktadd -k /usr/local/var/krb5kdc/kadm5.keytab kadmin/admin
kadmin/changepw</FONT></DIV>
<DIV><FONT face=Arial size=2>4. Started krb5kdc and
kadmind</FONT></DIV>
<DIV><FONT face=Arial size=2>5. In kdc.conf I added an entry for the kadm5.keytab
location as</FONT></DIV>
<DIV><FONT face=Arial size=2>
admin_keytab=FILE:/usr/local/var/krb5kdc/kadm5.keytab </FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>No problem in KDC.</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>But when I try to add a principal from the kerberized
server I get an error from kadmin:</FONT></DIV>
<DIV><FONT face=Arial size=2> Operation requires ``list''
privilege while retrieving list when using listprincs</FONT></DIV>
<DIV><FONT face=Arial size=2> Operation requires
``add'' privilege while adding. </FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2> I have kadm5.acl in
/var/kerberos/krb5kdc/ and also have an entry in kdc.conf.</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2> What is the problem? Could anything
be added in kadm5.acl?</FONT></DIV>
<DIV><FONT face=Arial size=2> </FONT></DIV>
<DIV> <FONT face=Arial size=2>Thanks in advance,</FONT></DIV>
<DIV><FONT face=Arial size=2>saratha</FONT></DIV></BLOCKQUOTE></BODY></HTML>