add, add_new_key, and ank are synonyms. The last dates back to krb4
From: Robbie Harwood
Sent: Monday, March 11, 2019 13:49
To: Lothar Schilling; kerberos@mit.edu
Subject: Re: Installing heimdal-kdc
Lothar Schilling writes:
> I got stuck again with putting heimdal-kdc to work.
>
> Having initiated the database I logged in locally (kadmin -l). There is
> no such command as "add_principals" or "addprinc". Available are:
> stash, kstash / dump / init / load / merge / add, ank, add_new_key /
>
No, kadmin is never authenticated by a password. It's a Kerberos-authenticated
service and generally requires initial tickets, which means you can't use a tgt
to get a ticket for it. Instead, in the usual case, the kadmin client will
obtain an initial ticket for kadmin/admin, for which purpose
Hi Jeffrey.
I did some experiments with kadmin. It looks like by default, remote admin
sessions are authenticated with admin password. And in that case, the
sessions will *never* expire because there are no tickets in the system.
Does it mean I need to disable kadmin password authentication? if