Hi,
When we upgraded our KDC to Debian wheezy, newly extracted keytabs did
not work anymore. After some digging around, I found the error: I did
not have the "get-keys" right so kadmind did not return any keys when I
extracted keytabs. However:
* kadmin did not return an error message, it simply extracted an
unusable keytab with principals but no keys.
* I had the "all" right in kadmind.acl, but apparently it does not
include the "get-keys" right.
* The manual page for kadmind says nothing about it.
I think the "all" right in kadmind.acl should include the get-keys
right. Otherwise, there should be an error message in kadmin and it
should be documented that "all" does not include get-keys.
This was also reported as a Debian bug:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=717660
Thanks in advance!
--
Pelle
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
