Re: kdc.conf

2019-03-25 Thread Ivan
> Where is your kdc.conf file, and can you verify that krb5kdc is reading
> it? The default location of kdc.conf is in the KDC data directory
> (typically /var/krb5kdc), and you can explicitly set it with the
> KRB5_KDC_PROFILE environment variable.

Thank you for your reply and your time spent. T

Cross realm kadmin

2019-03-25 Thread Kenneth MacDonald
We have two MIT krb5 realms: LIVE and TEST. I would like to add principals from LIVE into TEST's kadm5.acl file so they can manage the TEST realm's principals, authenticating from keytabs. From what I can glean in the archives this isn't possible due to kadmin/admin@TEST being denied to TGS

Re: kdc.conf

2019-03-25 Thread Robbie Harwood
Ivan <19b5b6e5...@tiny-vps.com> writes:
>> Where is your kdc.conf file, and can you verify that krb5kdc is reading
>> it? The default location of kdc.conf is in the KDC data directory
>> (typically /var/krb5kdc), and you can explicitly set it with the
>> KRB5_KDC_PROFILE environment variable.
>
>

Admin ticket expiry does not expire consistently

2019-03-25 Thread Yegui Cai
Hi all. I am running KDC 1.16.3. The admin tickets are not expired consistently. In the following kadmin snippet, the max_life was set to 5s, max_renewable_life is 0.
---
Mar 25 11:45:09 ygc-kdc-master05.example.com kadmind[18654](Notice): Request

Re: Cross realm kadmin

2019-03-25 Thread Greg Hudson
On 3/25/19 7:28 AM, Kenneth MacDonald wrote:
> If this behaviour is impossible, I will have to ensure all my
> management hosts default to the same realm that they are managing. Or
> is there something I am missing?

I don't think it can work with kadmin -k (authenticating from keytab), because ka

Re: Cross realm kadmin

2019-03-25 Thread Kenneth MacDonald
On Mon, 2019-03-25 at 12:16 -0400, Greg Hudson wrote:
> On 3/25/19 7:28 AM, Kenneth MacDonald wrote:
> > If this behaviour is impossible, I will have to ensure all my
> > management hosts default to the same realm that they are
> > managing. Or
> > is there something I am missing?
>
> I don't thi