problem in adding principal using kadmin from kerberized server

klaas hagemann klaas at northsailor.de
Wed Aug 7 03:54:54 EDT 2002


Hi saratha,

Your kadm5.acl is located in /usr/local/var/krb5kdc/
and your kdc.conf in /var/kerberos/krb5kdc, as you described in the other mail.
Maybe you got something messed up with these paths?

And try to remove the FILE: for admin_keytab in kdc.conf,
so it should look like: admin_keytab : /usr/local/var/krb5kdc/kadm5.keytab

And try to use all the Kerberos stuff in the standard path /usr/local/var/krb5kdc/ if the first points do not help.

Klaas
  ----- Original Message ----- 
  From: saratha 
  To: klaas hagemann 
  Cc: kerberos at mit.edu 
  Sent: Tuesday, August 06, 2002 2:01 AM
  Subject: Re: problem in adding principal using kadmin from kerberized server


  I am having entries in kadm5.acl as admin/admin at TEST.COM. And kdc.conf contains the path for kadm5.acl. But still the problem exists.

  -saratha
    ----- Original Message ----- 
    From: klaas hagemann 
    To: saratha 
    Cc: kerberos at mit.edu 
    Sent: Tuesday, August 06, 2002 6:41 PM
    Subject: Re: problem in adding principal using kadmin from kerberized server


    Check your kadm5.acl.
    It should contain something like the following:
    admin/admin at TEST.COM    *

    It is built like this:

    Principal and what the principal is allowed to do.
    Wildcards are allowed.
    So */admin is also possible. And you should be aware of the principal that starts kadmin.

    Klaas
      ----- Original Message ----- 
      From: saratha 
      To: kerberos at mit.edu 
      Sent: Monday, August 05, 2002 11:10 PM
      Subject: problem in adding principal using kadmin from kerberized server


      Hello all,
      I am having a problem using Kerberos kadmin to add a principal to the database from a kerberized server. The steps I followed to set up the master KDC are:

      1. kdb5_util create -r TEST.COM -s
      2. kadmin.local -q "addprinc admin/admin at TEST.COM"
      3. In kadmin.local: 
                  ktadd -k /usr/local/var/krb5kdc/kadm5.keytab kadmin/admin kadmin/changepw
      4. Started krb5kdc and kadmind
      5. In kdc.conf I added an entry for the kadm5.keytab location as
              admin_keytab=FILE:/usr/local/var/krb5kdc/kadm5.keytab 

      No problem in KDC.

      But when I try to add a principal from the kerberized server I got an error from kadmin as
          Operation requires ``list'' privilege while retrieving list when using listprincs
           Operation requires ``add' privilege while adding. 

       I am having kadm5.acl in /var/kerberos/krb5kdc/ and also having entry in kdc.conf.

       What is the problem? Could anything be added in kadm5.acl?

       Thanks in advance,
      saratha
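
The kadm5.acl format described in this thread (a principal pattern followed by what it may do, wildcards allowed), as an added example that is not part of the original messages and not MIT's kadmind code: a simplified Python evaluator showing that a client principal with no matching line is refused both `add` (`a`) and `list` (`l`). The sample ACL, the principals `ops/admin@TEST.COM` and `saratha@TEST.COM`, and all function names are constructed for illustration; the optional target-principal and restriction fields of an ACL line are ignored.

```python
# Added example: simplified evaluator for kadm5.acl lines (not kadmind's code).
ALL_PRIVS = set("admcilsp")          # what '*' (or 'x') expands to

# Constructed sample ACL; real files use '@', which the list archive shows as " at ".
SAMPLE_ACL = """\
# principal              permissions
admin/admin@TEST.COM     *
*/admin@TEST.COM         il
"""

def parse_acl(text):
    """Return [(principal_pattern, granted_privs)] in file order."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 2:
            continue                  # malformed line: no permission field
        privs = set()
        for ch in fields[1]:
            if ch in "*x":
                privs |= ALL_PRIVS
            elif ch.isupper():        # uppercase letter withdraws that privilege
                privs.discard(ch.lower())
            else:
                privs.add(ch)
        entries.append((fields[0], privs))
    return entries

def matches(pattern, principal):
    """Component-wise match; a '*' component (or realm) matches anything."""
    p_name, _, p_realm = pattern.partition("@")
    name, _, realm = principal.partition("@")
    p_parts, parts = p_name.split("/"), name.split("/")
    if len(p_parts) != len(parts) or p_realm not in ("*", realm):
        return False
    return all(p in ("*", c) for p, c in zip(p_parts, parts))

def is_allowed(acl_text, principal, priv):
    """First matching line decides; no matching line means no privilege."""
    for pattern, privs in parse_acl(acl_text):
        if matches(pattern, principal):
            return priv in privs
    return False

if __name__ == "__main__":
    for who in ("admin/admin@TEST.COM", "ops/admin@TEST.COM", "saratha@TEST.COM"):
        print(who, {p: is_allowed(SAMPLE_ACL, who, p) for p in "al"})
```
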