problem in adding principal using kadmin from kerberized server

klaas hagemann klaas at northsailor.de
Tue Aug 6 09:11:43 EDT 2002


Check your kadm5.acl.
It should contain something like the following:
admin/admin@TEST.COM    *

It is built like this:

Principal and what the principal is allowed to do.
Wildcards are allowed.
So */admin is also possible. And you should be aware of the principal that starts kadmin.

Klaas
  ----- Original Message ----- 
  From: saratha 
  To: kerberos at mit.edu 
  Sent: Monday, August 05, 2002 11:10 PM
  Subject: problem in adding principal using kadmin from kerberized server


  Hello all,
              I am having a problem using Kerberos kadmin to add a principal to the database from a kerberized server. The steps I followed to set up the master KDC are:

  1. kdb5_util create -r TEST.COM -s
  2. kadmin.local -q "addprinc admin/admin@TEST.COM"
  3. In kadmin.local: 
              ktadd -k /usr/local/var/krb5kdc/kadm5.keytab kadmin/admin kadmin/changepw
  4. Started krb5kdc and kadmind
  5. In kdc.conf I added an entry for the kadm5.keytab location as
          admin_keytab=FILE:/usr/local/var/krb5kdc/kadm5.keytab 

  No problem in KDC.

  But when I try to add a principal from the kerberized server I get an error from kadmin as
      Operation requires ``list'' privilege while retrieving list when using listprincs
       Operation requires ``add' privilege while adding. 

   I have kadm5.acl in /var/kerberos/krb5kdc/ and also have an entry in kdc.conf.

   What is the problem? Could anything be added in kadm5.acl?

   Thanks in advance
  saratha
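
An added example, not part of the thread and not MIT's code: a simplified Python model of how a kadm5.acl entry of the form described in the reply (principal pattern, then permissions) is matched against the principal that starts kadmin. It assumes a `*` component matches any whole component, the first matching entry decides, and target principals and restrictions are ignored; the sample file contents, the `*/operator` entry and the principal names in the test are constructed.

```python
# Privilege names as they appear in kadmin's "Operation requires ..." errors.
PRIV = {"add": "a", "delete": "d", "modify": "m",
        "changepw": "c", "inquire": "i", "list": "l"}

def split_principal(name):
    """Split 'admin/admin@TEST.COM' into (['admin', 'admin'], 'TEST.COM')."""
    primary, _, realm = name.partition("@")
    return primary.split("/"), realm

def matches(pattern, principal):
    """Component-wise match; a component that is exactly '*' matches anything."""
    p_comps, p_realm = split_principal(pattern)
    comps, realm = split_principal(principal)
    if len(p_comps) != len(comps):
        return False          # '*/admin' does not match a one-component name
    pairs = list(zip(p_comps, comps)) + [(p_realm, realm)]
    return all(p == "*" or p == c for p, c in pairs)

def parse_acl(text):
    """Return (pattern, permissions) pairs, skipping blanks and '#' comments."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and not fields[0].startswith("#"):
            entries.append((fields[0], fields[1]))
    return entries

def allowed(acl_text, principal, operation):
    """First matching entry decides; no matching entry means no privilege."""
    letter = PRIV[operation]
    for pattern, perms in parse_acl(acl_text):
        if matches(pattern, principal):
            granted = False
            for ch in perms:              # later letters override earlier ones
                if ch in ("*", "x") or ch == letter:
                    granted = True        # '*' and 'x' grant every privilege here
                elif ch == letter.upper():
                    granted = False       # uppercase letter denies
            return granted
    return False

# Constructed sample file contents, using the realm from the thread.
SAMPLE_ACL = """\
# principal             permissions
admin/admin@TEST.COM    *
*/operator@TEST.COM     il
"""
```

A principal with no matching entry, such as a plain user principal, is refused every operation, which is the situation the "Operation requires ``list'' privilege" error reports.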