[39474] in Kerberos
Re: kadm5.acl "e" permission
daemon@ATHENA.MIT.EDU (Greg Hudson)
Fri Feb 7 11:08:56 2025
Message-ID: <eb065857-45f8-4c79-b7f8-131aacf9687c@mit.edu>
Date: Fri, 7 Feb 2025 11:07:05 -0500
MIME-Version: 1.0
To: Stefan Kania <stefan@kania-online.de>, kerberos@mit.edu
Content-Language: en-US
From: "Greg Hudson" <ghudson@mit.edu>
In-Reply-To: <85f142f8-99d7-4a9a-8b0a-20219525fe45@kania-online.de>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Errors-To: kerberos-bounces@mit.edu
On 2/7/25 08:58, Stefan Kania wrote:
> in the kadm5.acl the "*" or the "x" gives all permission but not the
> permission to extract the principal keys for this it the "e" permission.
> Can some please explain to me how can I extract the principal key if I
> have the "e" permission. I can't find anything that explain how to do it.
The kadmin "ktadd -norandkey" command will extract principal keys to a
keytab file without generating new keys as it normally does.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
