Me and my friend have fixed this. Patch attached. The case is that kadmin always tries to add/replace _instance_ part of the credential with "/admin". So we've just ripped it of. I do not know why such behavior was originally designed, so I'm not sure whether its the right way to fix it.
Best, Zaar. 2006/11/23, Love Hörnquist Åstrand <[EMAIL PROTECTED]>:
No problem, I've just been very busy with IETF and lost packets to our dns resolve, please hang on, will be back soon with an answer. From what you say it seem like a bug in the kadmin/kadmind code. Love 23 nov 2006 kl. 12.01 skrev Hai Zaar: > Good day, Love! > Sorry to disturb you once again, but may you've just missed my reply > to mailing list. > > > 2006/11/20, Hai Zaar <[EMAIL PROTECTED]>: >> Here is the thing: >> If principal has '/admin' in its name - it all works smoothly. I.e. >> renaming haizaar to haizaar/admin, or using root/admin did the trick. >> Even regular kinit works - kadmin automatically acquires kadmin/admin >> ticket. >> >> How do I disable this "feature" ? >> >> 2006/11/20, Love Hörnquist Åstrand <[EMAIL PROTECTED]>: >> >> > Sorry, I can't reproduce that. >> > >> > Love >> > >> > $ kinit -S kadmin/[EMAIL PROTECTED] lha/[EMAIL PROTECTED] >> > lha/[EMAIL PROTECTED]'s Password: >> > $ klist >> > Credentials cache: API:1 >> > Principal: lha/[EMAIL PROTECTED] >> > >> > Issued Expires Principal >> > Nov 20 09:28:03 Nov 20 10:28:03 kadmin/[EMAIL PROTECTED] >> > >> > $ kadmin -p lha/admin -r SU.SE >> > kadmin> get lha >> > Principal: [EMAIL PROTECTED] >> > Principal expires: never >> > ... >> > >> > >> > >> > >> > >> >> >> -- >> Zaar >> > > > -- > Zaar
-- Zaar
heimdal-0.7.2-kadmin-do-not-mess-with-instance-1.patch
Description: Binary data