<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.2600.0" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><FONT face=Arial size=2>Hi saratha,</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>your kadm5.acl is located in
/usr/local/var/krb5kdc/</FONT></DIV>
<DIV><FONT face=Arial size=2>and your kdc.conf in /var/kerberos/krb5kdc as you
described in the other mail.</FONT></DIV>
<DIV><FONT face=Arial size=2>maybe you got something messed with these
paths?</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>And try to remove the FILE: for admin_keytab in
kdc.conf</FONT></DIV>
<DIV><FONT face=Arial size=2>so it should like: admin_keytab :
/usr/local/var/krb5kdc/kadm5.keytab</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>And try to use all the kerberos-stuff in the
standart-path /usr/local/var/krb5kdc/ if the first points do not
help.</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>Klaas</FONT></DIV>
<BLOCKQUOTE dir=ltr
style="PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV style="FONT: 10pt arial">----- Original Message ----- </DIV>
<DIV
style="BACKGROUND: #e4e4e4; FONT: 10pt arial; font-color: black"><B>From:</B>
<A title=sarathakn@hotpop.com href="mailto:sarathakn@hotpop.com">saratha</A>
</DIV>
<DIV style="FONT: 10pt arial"><B>To:</B> <A title=klaas@northsailor.de
href="mailto:klaas@northsailor.de">klaas hagemann</A> </DIV>
<DIV style="FONT: 10pt arial"><B>Cc:</B> <A title=kerberos@mit.edu
href="mailto:kerberos@mit.edu">kerberos@mit.edu</A> </DIV>
<DIV style="FONT: 10pt arial"><B>Sent:</B> Tuesday, August 06, 2002 2:01
AM</DIV>
<DIV style="FONT: 10pt arial"><B>Subject:</B> Re: problem in adding principal
using kadmin from kerberized server</DIV>
<DIV><FONT face=Arial size=2></FONT><FONT face=Arial size=2></FONT><FONT
face=Arial size=2></FONT><FONT face=Arial size=2></FONT><FONT face=Arial
size=2></FONT><FONT face=Arial size=2></FONT><BR></DIV>
<DIV><FONT face=Arial size=2>I am having entries in kadm5.acl as <A
href="mailto:admin/admin@TEST.COM">admin/admin@TEST.COM</A>. And kdc.conf
contains the path for kadm5.acl. But still the problem
exists.</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>-saratha</FONT></DIV>
<BLOCKQUOTE dir=ltr
style="PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV style="FONT: 10pt arial">----- Original Message ----- </DIV>
<DIV
style="BACKGROUND: #e4e4e4; FONT: 10pt arial; font-color: black"><B>From:</B>
<A title=klaas@northsailor.de href="mailto:klaas@northsailor.de">klaas
hagemann</A> </DIV>
<DIV style="FONT: 10pt arial"><B>To:</B> <A title=sarathakn@hotpop.com
href="mailto:sarathakn@hotpop.com">saratha</A> </DIV>
<DIV style="FONT: 10pt arial"><B>Cc:</B> <A title=kerberos@mit.edu
href="mailto:kerberos@mit.edu">kerberos@mit.edu</A> </DIV>
<DIV style="FONT: 10pt arial"><B>Sent:</B> Tuesday, August 06, 2002 6:41
PM</DIV>
<DIV style="FONT: 10pt arial"><B>Subject:</B> Re: problem in adding
principal using kadmin from kerberized server</DIV>
<DIV><FONT face=Arial size=2></FONT><FONT face=Arial size=2></FONT><FONT
face=Arial size=2></FONT><FONT face=Arial size=2></FONT><FONT face=Arial
size=2></FONT><BR></DIV>
<DIV><FONT face=Arial size=2>check your kadm5.acl</FONT></DIV>
<DIV><FONT face=Arial size=2>it should contain something like the
following:</FONT></DIV>
<DIV><FONT face=Arial size=2><A
href="mailto:admin/admin@TEST.COM">admin/admin@TEST.COM</A>
*</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>it is build like this:</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>Pricipal and what the principal is allowed
to do.</FONT></DIV>
<DIV><FONT face=Arial size=2>Wildcars are allowed.</FONT></DIV>
<DIV><FONT face=Arial size=2>So */admin is also possible. And you should be
aware of the principal that starts kadmin.</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>Klaas</FONT></DIV>
<BLOCKQUOTE dir=ltr
style="PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV style="FONT: 10pt arial">----- Original Message ----- </DIV>
<DIV
style="BACKGROUND: #e4e4e4; FONT: 10pt arial; font-color: black"><B>From:</B>
<A title=sarathakn@hotpop.com
href="mailto:sarathakn@hotpop.com">saratha</A> </DIV>
<DIV style="FONT: 10pt arial"><B>To:</B> <A title=kerberos@mit.edu
href="mailto:kerberos@mit.edu">kerberos@mit.edu</A> </DIV>
<DIV style="FONT: 10pt arial"><B>Sent:</B> Monday, August 05, 2002 11:10
PM</DIV>
<DIV style="FONT: 10pt arial"><B>Subject:</B> problem in adding principal
using kadmin from kerberized server</DIV>
<DIV><FONT face=Arial size=2></FONT><FONT face=Arial size=2></FONT><FONT
face=Arial size=2></FONT><FONT face=Arial size=2></FONT><BR></DIV>
<DIV><FONT face=Arial size=2>hello all,</FONT></DIV>
<DIV><FONT face=Arial size=2>
i am having a problem in using kerberos kadmin to add
principal in database, from kerberized server. The steps i followed to
setup the master KDC are</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>1. kdb5_util create -r TEST.COM
-s</FONT></DIV>
<DIV><FONT face=Arial size=2>2. kadmin.local -q "addprinc <A
href="mailto:admin/admin@TEST.COM">admin/admin@TEST.COM</A>"</FONT></DIV>
<DIV><FONT face=Arial size=2>3. In kadmin.local: </FONT></DIV>
<DIV><FONT face=Arial size=2>
ktadd -k /usr/local/var/krb5kdc/kadm5.keytab
kadmin/admin kadmin/changepw</FONT></DIV>
<DIV><FONT face=Arial size=2>4. started krb5kdc and
kadmind</FONT></DIV>
<DIV><FONT face=Arial size=2>5. In kdc.conf i added entry for kadm5.keytab
location as</FONT></DIV>
<DIV><FONT face=Arial size=2>
admin_keytab=FILE:/usr/local/var/krb5kdc/kadm5.keytab </FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>No problem in KDC.</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>But when i try to add principal from
kerberized server I got an error from kadmin as</FONT></DIV>
<DIV><FONT face=Arial size=2> Operation requires
``list'' privilege while retrieving list when using
listprincs</FONT></DIV>
<DIV><FONT face=Arial size=2> Operation requires
``add' privilege while adding. </FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2> I am having kadm5.acl in
/var/kerberos/krb5kdc/ and also having entry in kdc.conf.</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2> What is the problem? Anything
could be added in adm5.acl?</FONT></DIV>
<DIV><FONT face=Arial size=2> </FONT></DIV>
<DIV> <FONT face=Arial size=2>advance thanks</FONT></DIV>
<DIV><FONT face=Arial
size=2>saratha</FONT></DIV></BLOCKQUOTE></BLOCKQUOTE></BLOCKQUOTE></BODY></HTML>