list_principals not allowed, acl file not opened?

Julius commercials at gmx.net
Wed Dec 17 12:49:37 EST 2008


On Tue, 2008-12-16 at 19:38 +0100, Julius wrote:
> /usr/local/var/krb5kdc/kdc.conf
> [kdcdefaults]
>         kdc_ports = 750,88
> 
> [realms]
>         LOCALDOMAIN.DE = {
>                 acl_file = /opt/mit-krb5/var/krb5kdc/kadm5.acl
>         }
> 
> 
> 
> /opt/mit-krb5/var/krb5kdc/kadm5.acl
> */admin at LOCALDOMAIN.DE  *
> 
> 
> 
> kadmin -p admin/admin
> Authenticating as principal admin/admin with password.
> Password for admin/admin at LOCALDOMAIN.DE: 
> kadmin:  list_principals
> get_principals: Operation requires ``list'' privilege while retrieving
> list.
> 
> 
> strace ./krb5kdc 2>&1 |grep usr          does not list kdc.conf file?
> 
> 
> what is going wrong here?
> 
> 
> 
> krb5.conf:
> [libdefaults]
>         default_realm = LOCALDOMAIN.DE
> 
> [logging]
>         kdc = FILE:/var/log/krb5-kdc.log
>         admin_server = FILE:/var/log/krb5-kadmin.log
>         default = FILE:/var/log/krb5-default.log
> 
> [realms]
>         LOCALDOMAIN.DE = {
>                 admin_server = night_crawler.localdomain.de
>         }
> 
> 
> 
> 
> 
> greets


package is configured with --localestatedir=/...       the kadm5.acl is
working from there.
On the end of kdc.conf(5) it says:
/usr/local/var/krb5kdc/kdc.conf
is this path maybe changeable with --prefix=?
or why was my kadm5.acl not found?

Julius




More information about the Kerberos mailing list