kadmin remote as a regular user

Rainer Krienke krienke at uni-koblenz.de
Thu Apr 2 03:02:46 EDT 2015


Am 01.04.2015 um 18:04 schrieb Benjamin Kaduk:
> On Wed, 1 Apr 2015, Rainer Krienke wrote:
> 
>> The ACL file /var/lib/kerberos/krb5kdc/kadm5.acl on the server looks
>> like this:
>> #
>> admin/admin     *
>> kadmin/admin    *
>> kadmin/admin at MYREALM.DE     *
>> john/admin	*
>> john/admin at MYREALM.DE    *
> 
> Did you restart kadmind after changing the kadm5.acl?
> 
> -Ben Kaduk
> 

Hello Ben,

thanks for the hint. I did restart using the init scripts in
/etc/init.d/  krb524d  and krb5kdc but actually didn't see that there is
one more that needs to be restarted after ACL changes:
/etc/init.d/kadmind :-;

Now kadmin works as expected.

Thank you Ben and everyone else who replied very much for your help.

Rainer
-- 
Rainer Krienke, Uni Koblenz, Rechenzentrum, A22, Universitaetsstrasse  1
56070 Koblenz, http://userpages.uni-koblenz.de/~krienke, Tel: +49261287 1312
PGP: http://userpages.uni-koblenz.de/~krienke/mypgp.html,Fax: +49261287
1001312

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5065 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mailman.mit.edu/pipermail/kerberos/attachments/20150402/72b0efb4/attachment.bin


More information about the Kerberos mailing list