problem in adding principal using kadmin from kerberized server

saratha sarathakn at hotpop.com
Mon Aug 5 20:01:13 EDT 2002


I am having entries in kadm5.acl  as admin/admin at TEST.COM. And kdc.conf contains the path for kadm5.acl. But still the problem exists.

-saratha
  ----- Original Message ----- 
  From: klaas hagemann 
  To: saratha 
  Cc: kerberos at mit.edu 
  Sent: Tuesday, August 06, 2002 6:41 PM
  Subject: Re: problem in adding principal using kadmin from kerberized server


  check your kadm5.acl
  it should contain something like the following:
  admin/admin at TEST.COM    *

  it is build like this:

  Pricipal and what the principal is allowed to do.
  Wildcars are allowed.
  So */admin is also possible. And you should be aware of the principal that starts kadmin.

  Klaas
    ----- Original Message ----- 
    From: saratha 
    To: kerberos at mit.edu 
    Sent: Monday, August 05, 2002 11:10 PM
    Subject: problem in adding principal using kadmin from kerberized server


    hello all,
                i am having a problem in using kerberos kadmin to add principal in database, from kerberized server. The steps i followed to setup the master KDC are

    1. kdb5_util create -r TEST.COM -s
    2. kadmin.local -q "addprinc admin/admin at TEST.COM"
    3. In kadmin.local: 
                ktadd -k /usr/local/var/krb5kdc/kadm5.keytab kadmin/admin kadmin/changepw
    4. started  krb5kdc and kadmind
    5. In kdc.conf i added entry for kadm5.keytab location as
            admin_keytab=FILE:/usr/local/var/krb5kdc/kadm5.keytab 

    No problem in KDC.

    But when i try to add principal from kerberized server I got an error from kadmin as
        Operation requires ``list'' privilege while retrieving list when using listprincs
         Operation requires ``add' privilege while adding. 

     I am having kadm5.acl in /var/kerberos/krb5kdc/ and also having entry in kdc.conf.

     What is the problem?  Anything could be added in adm5.acl?
        
     advance thanks
    saratha
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/kerberos/attachments/20020806/d49cd8d8/attachment.htm


More information about the Kerberos mailing list