Streamlining host principal keytab provisioning?
Russ Allbery
rra at stanford.edu
Thu May 3 12:01:11 EDT 2012
Sebastian Galiano <Sebastian.Galiano at spilgames.com> writes:
> First I would like to add a user to the ADMIN ACL, for that purpose I
> modified the remctl.conf and substituted each line with ANYUSER for the
> path to an ACL file.
That won't help. I'm afraid you're confusing the remctl ACLs and the
wallet ACLs. The ADMIN ACL for wallet is stored in the database. You
would have added one user to the ADMIN ACL when you used wallet-admin to
create the database. That user can add other users over protocol with:

    wallet acl add ADMIN krb5 <principal>

You can also pretend to be that user and add more users directly on the
server with:

    env REMOTE_USER=<admin-user> wallet-backend acl add ADMIN krb5 <principal>

Just leave the remctl ACLs alone. You shouldn't ever need to change them
once you've gotten things installed.
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>