Hello,

I would like to achieve the following. A particular user, say "john", logs in to a Linux system or authenticates in Apache against Kerberos. Now I would like to allow this user "john" to run kadmin commands without entering any additional password.

I first thought that kadmin is like a service and exported the principal admin/admin to a keytab file, which I copied to a remote system. On this system I was then able to call

    $ kadmin -k -t /etc/krb5.keytab -p admin/admin
    Authenticating as principal admin/admin with keytab /etc/krb5.keytab.
    kadmin: getprincs
    ...

However, this does not work the way I expected. Now I can even destroy the user ticket of john with

    kdestroy -c /tmp/krb5cc_1234

that john got when logging into the system, and kadmin still works. What I wanted is that kadmin only works when a particular user has logged in and has authenticated against Kerberos. Now any user that could log into the system would be able to run kadmin if he has access to the keytab file.

So, after all, what I want is Kerberos-based single sign-on for kadmin usage. Any idea how to configure this?

Thanks
Rainer

--
Rainer Krienke, Uni Koblenz, Rechenzentrum, A22, Universitaetsstrasse 1
56070 Koblenz, http://userpages.uni-koblenz.de/~krienke, Tel: +49261287 1312
PGP: http://userpages.uni-koblenz.de/~krienke/mypgp.html,Fax: +49261287 1001312
________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos