Hi Philippe,

On Thu, Jan 24, 2002 at 02:48:20PM +0100, Philippe Perrin wrote:
> We're trying to make heimdal work on two Debian 2.2 systems, especially the
> telnet service. When installing everything on the same host (KDC + telnetd),
> it works fine. But when trying to set up the telnetd service on another
> host, we get an error.

> We first created the host/thot.mds principal on the KDC (whose name is
> amon.mds) with "add host/thot.mds" and "ext host/thot.mds". Then, on the
> target telnet host (after running kinit) :

> thot:~# kadmin
> kadmin> add host/thot.mds
> Max ticket life [unlimited]:
> Max renewable life [unlimited]:
> Principal expiration time [never]:
> Password expiration time [never]:
> Attributes []:
> host/thot.mds@KBTEST's Password:
> Verifying password - host/thot.mds@KBTEST's Password:
> kadmin: kadm5_create_principal: Operation requires `add' privilege
> kadmin: adding host/thot.mds: Operation requires `add' privilege

> Our kadm5.acl file (on amon.mds, the KDC) has one line : */*@KBTEST * (for
> granting everyone every right, for testing purpose)

At least with MIT kadmind, the pattern '*/*@KBTEST' does not match a
principal name that doesn't have a slash in it. I presume this is the
problem, although you don't show what principal you're authenticated as when
running kadmin, so I don't know for sure.

HTH,
Steve Langasek
postmodern programmer
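
The matching behaviour described in the reply above, modelled as an added example (not part of the original message and not kadmind's own code). It assumes the ACL pattern is compared to the principal component by component, that `*` stands for exactly one whole component, and that both sides must have the same number of components; the principals `philippe@KBTEST` and `philippe/admin@KBTEST` are constructed, since the thread does not say which principal ran kadmin.

```python
# Model of component-wise kadm5.acl principal matching.
# The rules below are assumptions for illustration, not kadmind source.

def split_principal(name):
    """Split 'a/b@REALM' into (['a', 'b'], 'REALM'). Escaped separators are not handled."""
    if "@" not in name:
        raise ValueError("realm required: %r" % name)
    comps, realm = name.rsplit("@", 1)
    return comps.split("/"), realm


def acl_matches(pattern, principal):
    """True if the ACL pattern covers the principal under the assumed rules."""
    p_comps, p_realm = split_principal(pattern)
    n_comps, n_realm = split_principal(principal)
    if p_realm != "*" and p_realm != n_realm:
        return False
    # '*/*' has two components, so a one-component name can never match it.
    if len(p_comps) != len(n_comps):
        return False
    return all(p == "*" or p == n for p, n in zip(p_comps, n_comps))


def covering_patterns(acl_lines, principal):
    """Return (pattern, rights) for every ACL line whose pattern matches the principal."""
    hits = []
    for line in acl_lines:
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if acl_matches(fields[0], principal):
            hits.append((fields[0], " ".join(fields[1:])))
    return hits


# The single ACL line quoted in the thread.
ACL = ["*/*@KBTEST *"]

if __name__ == "__main__":
    # Constructed principals: one without a slash, one with an instance.
    for who in ("philippe@KBTEST", "philippe/admin@KBTEST"):
        print(who, "->", covering_patterns(ACL, who) or "no ACL entry applies")
```

An empty result for the principal you authenticated as means no ACL line grants it anything, which is consistent with the "Operation requires `add' privilege" error in the quoted session.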
