[28048] in Kerberos

home help back first fref pref prev next nref lref last post

Re: Passwordless access to kadmin?

daemon@ATHENA.MIT.EDU (Bryan K. Wright)
Tue Jul 17 13:48:48 2007

From: "Bryan K. Wright" <bryan@ayesha.phys.virginia.edu>
Date: Tue, 17 Jul 2007 17:38:09 +0000 (UTC)
Message-ID: <f7iuq1$19n$1@murdoch.acc.Virginia.EDU>
X-Complaints-To: abuse@Virginia.EDU
To: kerberos@mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu

Great!  After creating a "webapp/admin" principal and adding
its key to /etc/web.keytab, everything works.  Thanks to
everyone for helping me get this working.

					Bryan

Russ Allbery <rra@stanford.edu> wrote:
> "Bryan K. Wright" <bryan@ayesha.phys.virginia.edu> writes:

>> 	But as a side-effect of this, I can then no longer
>> get into kadmin by typing "kadmin -p root/admin" and supplying
>> a password.  If I try, kadmin tells me the password is bad.

> Yes, when you create a keytab for a principal, it randomizes the
> password.

>> 	What do I need to do to make both of these work?

> Don't use the same account for interactive use and for scripted use.
> Instead, create a new principal for scripted use and add it to kadm5.acl.

> -- 
> Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>

-- 
========================================================================
Bryan Wright              |"If you take cranberries and stew them like 
Physics Department        | applesauce, they taste much more like prunes
University of Virginia    | than rhubarb does."  --  Groucho 
Charlottesville, VA  22901|			
(434) 924-7218            |         bryan@virginia.edu
========================================================================
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos

home help back first fref pref prev next nref lref last post