On Fri, Mar 30, 2007 at 11:41:22PM -0700, Adam Megacz wrote:
>
> "Adam Chlipala" <[EMAIL PROTECTED]> writes:
> > I think before it was owned by the plain "domtool" user.
>
> No such user exists in pts, but I will create one.
>
> > It's been a while since I set this up, so it's probably better if I just
> > describe what I'm trying to accomplish, rather than request particular
> > low-level changes. The script in /etc/init.d/domtool-server (based on
> > kinit) used to work, but now doesn't because (I think) it doesn't have
> > permission to read domtool's keytab at the point where it wants to do so.
>
> Okay, the script expects there to be a user named "domtool". I've
> created a user with this name and chown'ed the file to him.
>
> Domtool now starts, but complains about unspecified permission
> badness. I think we need to "chmod -R domtool:domtool /etc/domtool",
> but I'll leave that to somebody who understands the consequences
> better than I do (right now the ownership of files in that directory
> is pretty random).
>
> > Let me know if you change the init script, because I like to keep
> > all versions in CVS, too.
>
> Yes, it was changed slightly. I added the flag "-U" to make it
> autodetect the kerberos principal (doesn't need to be hardwired in the
> init script).
>
> I also moved the old keytab to /etc/keytabs/domtool.keytab.old and
> extracted a fresh one from kadmin.

So we're not employing that principle of group 'domtool', with
domtool.deleuze.hcoop.net and domtool.mire.hcoop.net as members?

_______________________________________________
HCoop-SysAdmin mailing list
[email protected]
http://hcoop.net/cgi-bin/mailman/listinfo/hcoop-sysadmin
