[6368] in Kerberos


Re: deleting user instances in K4 bug?

daemon@ATHENA.MIT.EDU (Mark W. Eichin)
Fri Dec 15 20:17:06 1995

Date: Fri, 15 Dec 1995 19:38:07 -0500
From: "Mark W. Eichin" <eichin@cygnus.com>
To: Teh Cheng <cheng@TeleCheck.com>
Cc: kerberos@MIT.EDU
In-Reply-To: "[6367] in Kerberos"

/usr/kerberos/database/admin_acl.del on the kdc.

It's just another ACL like the rest of the kadmin ACLs. It is
mentioned in the documentation.

As for the lists mentioned -- .klogin files, kadmin ACLs, *anything*
that refers to a Kerberos principal for access control. After all,
those are just strings, unaffected by the database change, and if you
ever reuse that name, the new entity gets all the leftover access the
old one did, if you haven't cleaned it up...

			_Mark_ <eichin@cygnus.com>
			Cygnus Support
			Cygnus Network Security <network-security@cygnus.com>
			http://www.cygnus.com/data/cns/


   admin:  del test
   Admin password:
   When you delete an entry, be sure to take it off of any access control lists
   as well. Be sure that you really intend to delete the Kerberos database
   entry for test.
   If you do, type y and press return: y
   kadm error: Insufficient access to perform requested operation

   so 2 questions:

   1) why don't I have sufficient access?

   2) what access control lists is the warning message referring to?
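
Added example, not part of the original message or of the Kerberos distribution: a small audit for the cleanup described in the reply above, listing every line in a set of .klogin and kadmin ACL files that still names a deleted principal. It assumes one principal per line in name[.instance][@REALM] form and treats a "*" component as a wildcard; the realm, home directories and file contents are constructed sample data.

```python
"""Find leftover references to a deleted Kerberos 4 principal in ACL-style files."""


def parse_principal(text, default_realm):
    """Split name[.instance][@REALM] into a canonical (name, instance, realm)."""
    rest, _, realm = text.strip().partition("@")
    name, _, instance = rest.partition(".")
    return (name, instance, realm or default_realm)


def matches(entry, target):
    """True if an ACL entry covers the target principal.

    Assumption: a component written as '*' matches any value.
    """
    return all(e == "*" or e == t for e, t in zip(entry, target))


def find_stale_entries(principal, files, default_realm):
    """Return (path, line_no, line) for each line still granting access.

    `files` maps a path to that file's text, so the caller chooses which
    .klogin files and kadmin ACLs to audit.
    """
    target = parse_principal(principal, default_realm)
    hits = []
    for path, text in files.items():
        for line_no, raw in enumerate(text.splitlines(), start=1):
            line = raw.strip()
            if line and matches(parse_principal(line, default_realm), target):
                hits.append((path, line_no, line))
    return hits


# Constructed sample contents. Only the admin_acl.del path comes from the
# message; the realm, users and entries are made up for illustration.
SAMPLE_FILES = {
    "/usr/kerberos/database/admin_acl.del":
        "alice.admin@EXAMPLE.COM\ntest@EXAMPLE.COM\n",
    "/home/bob/.klogin":
        "bob.@EXAMPLE.COM\ntest.@EXAMPLE.COM\n",
    "/home/carol/.klogin":
        "carol@EXAMPLE.COM\ntester@EXAMPLE.COM\n*.root@EXAMPLE.COM\n",
}

if __name__ == "__main__":
    for path, line_no, line in find_stale_entries("test", SAMPLE_FILES, "EXAMPLE.COM"):
        print(f"{path}:{line_no}: {line}")
```

Both spellings of the null instance ("test@..." and "test.@...") are reported, while "tester" and the "*.root" wildcard are not, because the comparison is per component rather than a substring search.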

