Streamlining host principal keytab provisioning?
Sebastian Galiano
Sebastian.Galiano at spilgames.com
Tue May 8 02:34:21 EDT 2012
I fixed that error!! :) . The remctl ACL was incorrect it was pointing to the wallet-acl file when i was having problem with the ACL. I changed it in order to make some tests and then when I reinstalled and reconfigured I forgot to change it back . Now is pointing to ANYONE so It let me create and admin user, but still not keytab creation.
Wheny I try:
$ wallet create keytab nfs/host.domain.org
wallet: keytab object implementation not configured
The remctl server says:
remctld: child 32600 for xxx.xxx.xxx.xxx
remctld: received context token (size=649)
remctld: sending context token (size=156)
remctld: accepted connection from USER at REALM (protocol 2)
remctld: argc is 4
remctld: arg 1 has length 6
remctld: arg 2 has length 6
remctld: arg 3 has length 6
remctld: arg 4 has length 29
remctld: COMMAND from USER at REALM: wallet create keytab nfs/host.dormain.org
remctld: quit received, closing connection
remctld: child 32600 done
________________________________________
From: Russ Allbery [rra at stanford.edu]
Sent: 07 May 2012 18:20
To: Sebastian Galiano
Cc: Jeff Blaine; kerberos at mit.edu
Subject: Re: Streamlining host principal keytab provisioning?
Sebastian Galiano <Sebastian.Galiano at spilgames.com> writes:
> The USER at REALM was exactly the user I used to execute the command
> 'wallet-admin initialize USER at REALM'.
> After that I tried to create and object using :
> wallet create keytab nfs/host.domain.org
> I keep on having an : wallet: Access denied and the remctl server says:
> remctld: COMMAND from USER at REALM: wallet create keytab nfs/host.domain.org
> remctld: access denied: user USER at REALM, command wallet create
Hm, okay, maybe I'm wrong and this is a remctl ACL problem. What does
your remctl configuration say for the wallet command?
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
More information about the Kerberos
mailing list