[OpenAFS] service principal question
Steve Devine
sdevine@msu.edu
Wed, 12 Oct 2005 13:57:10 -0400
Neulinger, Nathan wrote:
>You just need to remember to update kadm5.acl if you decide to use a
>different name (assuming you're using mit k5), as the default install of
>that I believe gives krb db admin rights for all princs to */admin.
>
>
>------------------------------------------------------------
>Nathan Neulinger EMail: nneul@umr.edu
>University of Missouri - Rolla Phone: (573) 341-6679
>UMR Information Technology Fax: (573) 341-4216
>
>
>
>
>>-----Original Message-----
>>From: openafs-info-admin@openafs.org
>>[mailto:openafs-info-admin@openafs.org] On Behalf Of Russ Allbery
>>Sent: Wednesday, October 12, 2005 12:30 PM
>>To: openafs-info@openafs.org
>>Subject: Re: [OpenAFS] service principal question
>>
>>Jiann-Ming Su <sujiannming@gmail.com> writes:
>>
>>
>>
>>>So the principal for the cell admin user should be
>>>"some_user/admin@THIS.IS.YOUR.REALM.COM" for the same
>>>
>>>
>>reason? Or, can
>>
>>
>>>the admin user be "some_user@THIS.IS.YOUR.REALM.COM"?
>>>
>>>
>>This one doesn't matter; you can call the admin principal anything you
>>want. The /admin bit is just a convention.
>>
>>--
>>Russ Allbery (rra@stanford.edu)
>><http://www.eyrie.org/~eagle/>
>>_______________________________________________
>>OpenAFS-info mailing list
>>OpenAFS-info@openafs.org
>>https://lists.openafs.org/mailman/listinfo/openafs-info
>>
>>
>>
>>
>_______________________________________________
>OpenAFS-info mailing list
>OpenAFS-info@openafs.org
>https://lists.openafs.org/mailman/listinfo/openafs-info
>
>
For my 2 cents I would say its a pretty good convention to hang on to ..
I would rather my admins had to remember to add the /admin to their
principal when doing admin work. I'd rather have a little inconvience
than a large headache.
/sd
--
Steve Devine
Storage Systems
Academic Computing & Network Services
Michigan State University
506 Computer Center
East Lansing, MI 48824-1042
1-517-432-7327
Baseball is ninety percent mental; the other half is physical.
- Yogi Berra