Passwordless access to kadmin?

Bryan K. Wright bryan at ayesha.phys.virginia.edu
Tue Jul 17 13:09:27 EDT 2007


Hi again,

	Here's what I tried:

		kadmin -p root/admin
		ktadd -k /etc/web.keytab root/admin

I can then invoke kadmin via:

		kadmin -p root/admin -k -t /etc/web.keytab

and I get in without a password.

	But as a side-effect of this, I can then no longer
get into kadmin by typing "kadmin -p root/admin" and supplying
a password.  If I try, kadmin tells me the password is bad.
If I use "change_password" to reset the password for the
root/admin principal, I can then again do "kadmin -p root/admin"
(it accepts my password), but then "kadmin -p root/admin -k -t 
/etc/web.keytab" fails.

	What do I need to do to make both of these work?

						Thanks,
						Bryan

Russ Allbery <rra at stanford.edu> wrote:
> "Bryan K. Wright" <bryan at ayesha.phys.virginia.edu> writes:
>> Thanks for your help, but I'm afraid I'm still clueless.  Several people
>> have pointed out that I can store an appropriate key in a keytab file,
>> but can anyone give me some step-by-step instructions on how to do this?
>> By the way, this is MIT Kerberos version 1.6.1.

> kadmin
> # authenticate as a user listed in kadm5.acl on your KDC
> ktadd -k /path/to/keytab name-of-principal at EXAMPLE.COM

> -- 
> Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>

-- 
========================================================================
Bryan Wright              |"If you take cranberries and stew them like 
Physics Department        | applesauce, they taste much more like prunes
University of Virginia    | than rhubarb does."  --  Groucho 
Charlottesville, VA  22901|			
(434) 924-7218            |         bryan at virginia.edu
========================================================================



More information about the Kerberos mailing list