Streamlining host principal keytab provisioning?

Sebastian Galiano Sebastian.Galiano at spilgames.com
Tue May 8 02:34:21 EDT 2012


I fixed that error!! :) The remctl ACL was incorrect: it was pointing to the wallet-acl file when I was having problems with the ACL. I changed it in order to make some tests, and then when I reinstalled and reconfigured I forgot to change it back. Now it is pointing to ANYONE, so it lets me create an admin user, but still no keytab creation.
When I try:
$ wallet create keytab nfs/host.domain.org
wallet: keytab object implementation not configured

The remctl server says:

remctld: child 32600 for xxx.xxx.xxx.xxx
remctld: received context token (size=649)
remctld: sending context token (size=156)
remctld: accepted connection from USER at REALM (protocol 2)
remctld: argc is 4
remctld: arg 1 has length 6
remctld: arg 2 has length 6
remctld: arg 3 has length 6
remctld: arg 4 has length 29
remctld: COMMAND from USER at REALM: wallet create keytab nfs/host.dormain.org
remctld: quit received, closing connection
remctld: child 32600 done


________________________________________
From: Russ Allbery [rra at stanford.edu]
Sent: 07 May 2012 18:20
To: Sebastian Galiano
Cc: Jeff Blaine; kerberos at mit.edu
Subject: Re: Streamlining host principal keytab provisioning?

Sebastian Galiano <Sebastian.Galiano at spilgames.com> writes:

> The USER at REALM was exactly the user I used to execute the command
> 'wallet-admin initialize USER at REALM'.

> After that I tried to create an object using:

>    wallet create keytab nfs/host.domain.org

> I keep on having an : wallet: Access denied and the remctl server says:

> remctld: COMMAND from USER at REALM: wallet create keytab nfs/host.domain.org
> remctld: access denied: user  USER at REALM, command wallet create

Hm, okay, maybe I'm wrong and this is a remctl ACL problem.  What does
your remctl configuration say for the wallet command?

--
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>


