> Are you sure it says that? As the author of the Kerberos FAQ, I can't
> find that (it does mention about ACLs, but doesn't specifically mention
> kadm5.acl).

Sorry... Since I got some success with foreign principals in other services (.k5login files) and I've read "ACL", I went on a wrong inference.

> >Since we have a multi-realm KDC and in real life the same
> >people will manage those realms, I'd like to give permissions
> >to the same principal and if possible I wouldn't like to
> >create user/admin@REALM1, user/admin@REALM2. I just want to
> >insert an entry for user/admin@REALM1 in kadm5.acl file
> >for each domain.
>
> Unfortunately ... because kadmin/admin is set to only allow AS_REQ based
> requests (which you don't want to change, trust me) and there's no way
> to do cross-realm without a TGS-based request, then you're stuck. You can't
> do what you want.

Well, that's really a pity... We're starting with Kerberos and other services in order to get some benefits (or at least try) from single sign-on concepts, like a smaller number of passwords a user (admin or not) needs to remember and keep in sync.

Thanks anyway...

------------------------------------------------------------------------------
Marcio d'Avila Scheibler - Divisao de Suporte ([EMAIL PROTECTED])
Centro de Processamento de Dados - Campus Universitario - CEP 97105-900
Universidade Federal de Santa Maria - RS - Brasil
=============================================================================
________________________________________________
Kerberos mailing list [EMAIL PROTECTED]
http://mailman.mit.edu/mailman/listinfo/kerberos
