Permission denied while initializing kadmin.local interface
Ken Hornstein
kenh at cmf.nrl.navy.mil
Thu Feb 7 09:40:28 EST 2002
>Em Thu, Feb 07, 2002 at 02:29:06PM +0100, Turbo Fredriksson escreveu:
>> [papadoc.pts/3]$ kadmin -p turbo at BAYOUR.COM
>> Authenticating as principal turbo at BAYOUR.COM with password.
>> Enter password:
>> kadmin:
>> Is there any way 'kadmin' can honnor my ticket?
>
>You mean, by not having to enter a password and using the tgt your
>principal already has? According to the man page, yes, if you have
>a ticket for kadmin/admin.
You'll have to do some digging to discover it, but kadmin/admin is marked
in the default database configuration as a principal that requires an
initial request to get a service ticket for it ... which means you _can't_
get it with your TGT, which means you need to enter in your password
to get it. If you think about it, this is a good thing. You can use
the "-S" flag to kinit to get a ticket for it, but you can't use this
ticket for anything else.
--Ken
More information about the Kerberos
mailing list