On Tue, May 15, 2012 at 3:24 PM, Simo Sorce <s...@redhat.com> wrote:
> On Tue, 2012-05-15 at 14:21 -0700, Thomas Jackson wrote:
> > So going through the documentation it's clearly laid out not to use
> > kadmin or kadmin.local when using freeipa. I have been unable to find
> > how to replace this functionality in the documentation.
> >
> > If I could use kadmin.local on my kdc I would like to run the
> > following command....
> >
> > modprinc +requires_hwauth user
> >
> > Am I going to need to extend/modify the krb5 schema to modify
> > principals attributes in this way?
> >
> For this specific change you can use kadmin.local, but the IPA UI will
> not report you anything about it.
>
> The flags part is still a weak point of the Web UI, if you want you can
> open a RFE ticket to ask for better support for these flags, we need to
> do it at some point we simply haven't yet as we concentrated on more
> important and pressing issue this far.
>
> Simo.
>
> --
> Simo Sorce * Red Hat, Inc * New York
>

The following errors lead me to believe I am missing something as kadmin.local appears to have access issues when trying to modify a principal.

kadmin.local: modprinc +requires_hwauth user
modify_principal: User modification failed: Insufficient access while modifying "user".

For good measure I've modified /var/kerberos/krb5kdc/kadm5.acl with the correct ACLs for the domain and still encounter the same errors.

-ipa 2.1.3