[14637] in Kerberos
Re: kpasswd fails with multiple realms
daemon@ATHENA.MIT.EDU (Rich Jamieson)
Mon Jul 9 05:39:50 2001
From: Richard.Jamieson@db.com (Rich Jamieson)
Date: 9 Jul 2001 02:23:49 -0700
Message-ID: <2a497a.0107090123.b47e97c@posting.google.com>
To: kerberos@MIT.EDU
cat k5adm.acl
fred/admin@RICHJAM.COM c fred/admin@RICHJAM.COM

Now "fred" can run the command:

kadmin -p fred/admin@RICHJAM.COM -r RICHJAM.COM -q "cpw fred/admin"

This makes "fred" an "admin" user in the "RICHJAM.COM" realm, but all
he can do with "kadmin" is change his own password - see "man
kadmind".

PS - This is one way to get round the multiple-realms-on-same-system
"kpasswd" problem. But I don't think I'm going to use this solution.
Until there's a bug-fix, I think I'm going to choose the option to
compile up a second version of kadmind.

RichJ
turbo@bayour.com (Turbo Fredriksson) wrote in message news:<87bsmzpnbl.fsf@papadoc.bayour.com>...
> >>>>> "Rich" == Rich Jamieson <Richard.Jamieson@db.com> writes:
>
> Rich> you can fiddle with k5adm.acl to make sure that users can only
> Rich> change their own passwords.
>
> Could you give me some examples on this? I'm still quite new to Kerberos
> administration...
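The ACL entry in the message above, run through a small evaluator to show what its third field (the target principal) buys. This is an added example, not part of the original thread and not MIT's code; it assumes entries of the form "principal permissions [target]", that the first entry matching both actor and target decides, and that "*" wildcards one whole name component. The entry without a target is constructed for contrast.

```python
# Simplified model of kadmind ACL evaluation (added example, not MIT's code).
# Not modelled: back-references (*1) and the optional restrictions field.

def parse_acl(text):
    """Return a list of (principal, permissions, target) tuples."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        # An omitted target means the entry applies to every target principal.
        entries.append((fields[0], fields[1], fields[2] if len(fields) > 2 else "*"))
    return entries

def _parts(name):
    princ, _, realm = name.partition("@")
    return princ.split("/") + [realm]

def matches(pattern, name):
    """Component-wise match; a component of '*' matches any value."""
    if pattern == "*":
        return True
    p, n = _parts(pattern), _parts(name)
    return len(p) == len(n) and all(a == "*" or a == b for a, b in zip(p, n))

def allowed(entries, actor, op, target):
    """op is a lowercase permission letter, e.g. 'c' for change-password."""
    for princ, perms, tgt in entries:
        if matches(princ, actor) and matches(tgt, target):
            if op.upper() in perms:          # uppercase letter denies the operation
                return False
            return op in perms or "*" in perms or "x" in perms
    return False                             # no matching entry: no access

def audit(acl_text, actor, op, targets):
    """List the targets on which actor may perform op."""
    entries = parse_acl(acl_text)
    return [t for t in targets if allowed(entries, actor, op, t)]

RESTRICTED = "fred/admin@RICHJAM.COM c fred/admin@RICHJAM.COM\n"  # entry from the post
UNRESTRICTED = "fred/admin@RICHJAM.COM c\n"                       # constructed: no target
TARGETS = ["fred/admin@RICHJAM.COM", "joe@RICHJAM.COM", "kadmin/admin@RICHJAM.COM"]

if __name__ == "__main__":
    for name, acl in (("restricted", RESTRICTED), ("unrestricted", UNRESTRICTED)):
        print(name, audit(acl, "fred/admin@RICHJAM.COM", "c", TARGETS))
```

With the target field present, the only principal whose password fred/admin can change is fred/admin; with it omitted, the same `c` permission covers every principal in the list.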