Streamlining host principal keytab provisioning?

Sebastian Galiano Sebastian.Galiano at spilgames.com
Thu May 10 04:11:12 EDT 2012


It's working!! :) ...I had to reboot kadmind! That was the problem. Now I can get keytabs! My next step is to create a Puppet recipe to automate the whole process and to package wallet so it is easier to install. I will also try to write a how-to, which I can send to you once it is done.


________________________________________
From: Russ Allbery [rra at stanford.edu]
Sent: 03 May 2012 18:01
To: Sebastian Galiano
Cc: Jeff Blaine; kerberos at mit.edu
Subject: Re: Streamlining host principal keytab provisioning?

Sebastian Galiano <Sebastian.Galiano at spilgames.com> writes:

> First I would like to add a user to the ADMIN ACL; for that purpose I
> modified the remctl.conf and substituted each line with ANYUSER for the
> path to an ACL file.

That won't help.  I'm afraid you're confusing the remctl ACLs and the
wallet ACLs.  The ADMIN ACL for wallet is stored in the database.  You
would have added one user to the ADMIN ACL when you used wallet-admin to
create the database.  That user can add other users over protocol with:

    wallet acl add ADMIN krb5 <principal>

You can also pretend to be that user and add more users directly on the
server with:

    env REMOTE_USER=<admin-user> wallet-backend acl add ADMIN krb5 <principal>

Just leave the remctl ACLs alone.  You shouldn't ever need to change them
once you've gotten things installed.

--
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>


