kadmin -c : shouldn't this work?
Ben Poliakoff
benp at reed.edu
Thu Feb 14 09:47:30 EST 2008
* Jeff Blaine <jblaine at kickflop.net> [20080213 23:56]:
> % /usr/rcf-krb5/bin/kinit -p admin/admin
> Password for admin/admin at FOO.COM:
> % /usr/rcf-krb5/sbin/kadmin -c /tmp/krb5cc_26560
> Authenticating as principal admin/admin at FOO.COM with existing
> credentials.
> kadmin: Matching credential not found while initializing kadmin interface
>
The kadmin/admin service usually has the 'DISALLOW_TGT_BASED' attribute
set. If you *really* want to run kadmin off of an existing credential
cache you need to request the a service ticket for the kadmin/admin when
you do the initial kinit, something like this:
kinit -p admin/admin -S kadmin/admin
Ben
--
________________________________________________________________________
PGP fingerprint: A131 F813 7A0F C5B7 E74D C972 9118 A94D 6AF5 2019
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://mailman.mit.edu/pipermail/kerberos/attachments/20080214/9365d57e/attachment.bin
More information about the Kerberos
mailing list