1. Forum
  2. Usenet
  3. COMP.PROTOCOLS.KERBEROS

  • kadm5.acl "e" permission

    From Stefan Kania@21:1/5 to All on Fri Feb 7 14:58:25 2025
    This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --------------wVzct31ivXcs8WG58zJ0q7ul
    Content-Type: multipart/mixed; boundary="------------gjQbQZFeKYCv7u1XQtCBRErP"

    --------------gjQbQZFeKYCv7u1XQtCBRErP
    Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: base64

    SGVsbG8sDQoNCmluIHRoZSBrYWRtNS5hY2wgdGhlICIqIiBvciB0aGUgIngiIGdpdmVzIGFs bCBwZXJtaXNzaW9uIGJ1dCBub3QgdGhlIA0KcGVybWlzc2lvbiB0byBleHRyYWN0IHRoZSBw cmluY2lwYWwga2V5cyBmb3IgdGhpcyBpdCB0aGUgImUiIHBlcm1pc3Npb24uIA0KQ2FuIHNv bWUgcGxlYXNlIGV4cGxhaW4gdG8gbWUgaG93IGNhbiBJIGV4dHJhY3QgdGhlIHByaW5jaXBh bCBrZXkgaWYgSSANCmhhdmUgdGhlICJlIiBwZXJtaXNzaW9uLiBJIGNhbid0IGZpbmQgYW55 dGhpbmcgdGhhdCBleHBsYWluIGhvdyB0byBkbyBpdC4NCg0KVGhhbmsgeW91DQoNClN0ZWZh bg0KDQo=
    --------------gjQbQZFeKYCv7u1XQtCBRErP--

    --------------wVzct31ivXcs8WG58zJ0q7ul--

    -----BEGIN PGP SIGNATURE-----

    wnsEABYIACMWIQRsT9azWR5AolaZQIFS9tTdG7aKtQUCZ6YRgQUDAAAAAAAKCRBS9tTdG7aKtZ5m AP0eLTx6vH1oinRuRKwHvZpR6dtDH/0XKM6F3/pLDt0wrgEAl/qHlOM6O4rkySvGF4xj2tWyEmt0 XIJfhGFquuor9A8=
    =5XLv
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Greg Hudson@21:1/5 to Stefan Kania on Fri Feb 7 11:07:05 2025
    To: kerberos@mit.edu

    On 2/7/25 08:58, Stefan Kania wrote:
    in the kadm5.acl the "*" or the "x" gives all permission but not the permission to extract the principal keys for this it the "e" permission.
    Can some please explain to me how can I extract the principal key if I
    have the "e" permission. I can't find anything that explain how to do it.

    The kadmin "ktadd -norandkey" command will extract principal keys to a
    keytab file without generating new keys as it normally does.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Stefan Kania@21:1/5 to Greg Hudson on Fri Feb 7 19:07:15 2025
    To: kerberos@mit.edu
    To: kerberos@mit.edu

    This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --------------WJ8nM3n0sPMNTBq5oQoOjdYB
    Content-Type: multipart/mixed; boundary="------------rmltnled2IzAi7wyYB2nzfes"

    --------------rmltnled2IzAi7wyYB2nzfes
    Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: base64

    DQoNCkFtIDA3LjAyLjI1IHVtIDE3OjA3IHNjaHJpZWIgR3JlZyBIdWRzb246DQo+IE9uIDIv Ny8yNSAwODo1OCwgU3RlZmFuIEthbmlhIHdyb3RlOg0KPj4gaW4gdGhlIGthZG01LmFjbCB0 aGUgIioiIG9yIHRoZSAieCIgZ2l2ZXMgYWxsIHBlcm1pc3Npb24gYnV0IG5vdCB0aGUgDQo+ PiBwZXJtaXNzaW9uIHRvIGV4dHJhY3QgdGhlIHByaW5jaXBhbCBrZXlzIGZvciB0aGlzIGl0 IHRoZSAiZSIgDQo+PiBwZXJtaXNzaW9uLiBDYW4gc29tZSBwbGVhc2UgZXhwbGFpbiB0byBt ZSBob3cgY2FuIEkgZXh0cmFjdCB0aGUgDQo+PiBwcmluY2lwYWwga2V5IGlmIEkgaGF2ZSB0 aGUgImUiIHBlcm1pc3Npb24uIEkgY2FuJ3QgZmluZCBhbnl0aGluZyB0aGF0IA0KPj4gZXhw bGFpbiBob3cgdG8gZG8gaXQuDQo+IA0KPiBUaGUga2FkbWluICJrdGFkZCAtbm9yYW5ka2V5 IiBjb21tYW5kIHdpbGwgZXh0cmFjdCBwcmluY2lwYWwga2V5cyB0byBhIA0KPiBrZXl0YWIg ZmlsZSB3aXRob3V0IGdlbmVyYXRpbmcgbmV3IGtleXMgYXMgaXQgbm9ybWFsbHkgZG9lcy4N Cj4gDQpUaGFuayB5b3UsIHRoYXQgd2FzIGV4YWN0bHkgd2hhdCBJIHdhcyBsb29raW5nIGZv ciA6LSkNCg0K
    --------------rmltnled2IzAi7wyYB2nzfes--

    --------------WJ8nM3n0sPMNTBq5oQoOjdYB--

    -----BEGIN PGP SIGNATURE-----

    wnsEABYIACMWIQRsT9azWR5AolaZQIFS9tTdG7aKtQUCZ6ZL0wUDAAAAAAAKCRBS9tTdG7aKtUmc AP944QTGObqRz/LyMjv9aH4YLiU04WPIKwA/eMJZ56WyigEAtuICBOCSBH4KTra3rNKjr+VCqhQk zWconVhjyAY0yAg=
    =hSMQ
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)