Re: kadmin remote as a regular user

Rainer Krienke Thu, 02 Apr 2015 00:06:10 -0700

Am 01.04.2015 um 18:04 schrieb Benjamin Kaduk:
> On Wed, 1 Apr 2015, Rainer Krienke wrote:
> 
>> The ACL file /var/lib/kerberos/krb5kdc/kadm5.acl on the server looks
>> like this:
>> #
>> admin/admin     *
>> kadmin/admin    *
>> kadmin/ad...@myrealm.de     *
>> john/admin   *
>> john/ad...@myrealm.de    *
> 
> Did you restart kadmind after changing the kadm5.acl?
> 
> -Ben Kaduk
>


Hello Ben,

thanks for the hint. I did restart using the init scripts in
/etc/init.d/  krb524d  and krb5kdc but actually didn't see that there is
one more that needs to be restarted after ACL changes:
/etc/init.d/kadmind :-;

Now kadmin works as expected.

Thank you Ben and everyone else who replied very much for your help.

Rainer
-- 
Rainer Krienke, Uni Koblenz, Rechenzentrum, A22, Universitaetsstrasse  1
56070 Koblenz, http://userpages.uni-koblenz.de/~krienke, Tel: +49261287 1312
PGP: http://userpages.uni-koblenz.de/~krienke/mypgp.html,Fax: +49261287
1001312

smime.p7s
Description: S/MIME Cryptographic Signature

________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos

Re: kadmin remote as a regular user

Reply via email to