Rainer,
Consider that you do not want to obfuscate keeping track of users modifying
the KDC database through generic service accounts like admin/admin. As the
later discussion in this thread positions; using the kadm5.acl file to name
users (they don't have to be named with a */admin convention, if y
http://web.mit.edu/kerberos/krb5-1.12/doc/admin/conf_files/kadm5_acl.html
On Wed, Apr 1, 2015 at 8:27 PM, Todd Grayson wrote:
> Rainer,
>
> Consider that you do not want to obfuscate keeping track of users modifying
> the KDC database through generic service accounts like admin/admin. As the
> lat
On Wed, 1 Apr 2015, Rainer Krienke wrote:
> The ACL file /var/lib/kerberos/krb5kdc/kadm5.acl on the server looks
> like this:
> #
> admin/admin *
> kadmin/admin*
> kadmin/ad...@myrealm.de *
> john/admin*
> john/ad...@myrealm.de*
Did you restart kadmind after changing the kadm5
On 31.03.2015 at 16:15, Greg Hudson wrote:
> On 03/31/2015 07:56 AM, Rainer Krienke wrote:
>> I would like to achieve the following. A particular user, say "john", logs
>> in at a Linux system or authenticates in Apache against Kerberos.
>> Now I would like to allow this user "john" to run kadmin co