On 07/18/2014 03:16 PM, Eldo Joseph wrote:
> Hi,
> 
> Is it possible to add a user principal with admin privileges. 
> 
> like kadmin: addprinc -randkey user1/ad...@domain.com
> 
> when ever tried I got this 
> "Kerberos database constraints violated"
> 
> 
> Thanks,
> Eldo 

We do not allow adding principals by kadmin on purpose. Kerberos principals of
FreeIPA user/service/host are being added via FreeIPA commands which fills all
required and expected attributes.

We are considering allowing adding external realm principal though, ticket 
filed:

https://fedorahosted.org/freeipa/ticket/4059
https://bugzilla.redhat.com/show_bug.cgi?id=1035494#c3

HTH,
Martin

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Reply via email to