[29256] in Kerberos

home help back first fref pref prev next nref lref last post

Re: kadmin -c : shouldn't this work?

daemon@ATHENA.MIT.EDU (Ben Poliakoff)
Thu Feb 14 09:48:26 2008

Date: Thu, 14 Feb 2008 06:47:30 -0800
From: Ben Poliakoff <benp@reed.edu>
To: Jeff Blaine <jblaine@kickflop.net>
Message-ID: <20080214144730.GA21048@tristero.reed.edu>
MIME-Version: 1.0
In-Reply-To: <47B350BB.9010706@kickflop.net>
Cc: kerberos@mit.edu
Content-Type: multipart/mixed; boundary="===============0238465949=="
Errors-To: kerberos-bounces@mit.edu


--===============0238465949==
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="opJtzjQTFsWo+cga"
Content-Disposition: inline


--opJtzjQTFsWo+cga
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

* Jeff Blaine <jblaine@kickflop.net> [20080213 23:56]:
> % /usr/rcf-krb5/bin/kinit -p admin/admin
> Password for admin/admin@FOO.COM:
> % /usr/rcf-krb5/sbin/kadmin -c /tmp/krb5cc_26560
> Authenticating as principal admin/admin@FOO.COM with existing
> credentials.
> kadmin: Matching credential not found while initializing kadmin interface
>=20

The kadmin/admin service usually has the 'DISALLOW_TGT_BASED' attribute
set.  If you *really* want to run kadmin off of an existing credential
cache you need to request the a service ticket for the kadmin/admin when
you do the initial kinit, something like this:

    kinit -p admin/admin -S kadmin/admin

Ben
--=20
________________________________________________________________________
PGP fingerprint:      A131 F813 7A0F C5B7 E74D  C972 9118 A94D 6AF5 2019

--opJtzjQTFsWo+cga
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHtFSCkRipTWr1IBkRAtuvAJ9gfTsOBz8c8Cw3nTtAEwCrpR8chQCdG4ji
LY5Zl4ePL/p6A8t460jYkag=
=hV7z
-----END PGP SIGNATURE-----

--opJtzjQTFsWo+cga--

--===============0238465949==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos

--===============0238465949==--
home help back first fref pref prev next nref lref last post