[28047] in Kerberos
Re: Passwordless access to kadmin?
daemon@ATHENA.MIT.EDU (Russ Allbery)
Tue Jul 17 13:30:16 2007
From: Russ Allbery <rra@stanford.edu>
To: kerberos@mit.edu
In-Reply-To: <f7it47$l4$1@murdoch.acc.Virginia.EDU> (Bryan K. Wright's message
of "Tue, 17 Jul 2007 17:09:27 +0000 (UTC)")
Date: Tue, 17 Jul 2007 10:29:39 -0700
Message-ID: <87ir8jvszg.fsf@windlord.stanford.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
"Bryan K. Wright" <bryan@ayesha.phys.virginia.edu> writes:
> But as a side-effect of this, I can then no longer
> get into kadmin by typing "kadmin -p root/admin" and supplying
> a password. If I try, kadmin tells me the password is bad.
Yes, when you create a keytab for a principal, it randomizes the
password.
> What do I need to do to make both of these work?
Don't use the same account for interactive use and for scripted use.
Instead, create a new principal for scripted use and add it to kadm5.acl.
--
Russ Allbery (rra@stanford.edu) <http://www.eyrie.org/~eagle/>
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos