[OpenAFS] service principal question
Wed, 12 Oct 2005 13:57:10 -0400
Neulinger, Nathan wrote:
>You just need to remember to update kadm5.acl if you decide to use a
>different name (assuming you're using mit k5), as the default install of
>that I believe gives krb db admin rights for all princs to */admin.
>Nathan Neulinger EMail: email@example.com
>University of Missouri - Rolla Phone: (573) 341-6679
>UMR Information Technology Fax: (573) 341-4216
>>[mailto:firstname.lastname@example.org] On Behalf Of Russ Allbery
>>Sent: Wednesday, October 12, 2005 12:30 PM
>>Subject: Re: [OpenAFS] service principal question
>>Jiann-Ming Su <email@example.com> writes:
>>>So the principal for the cell admin user should be
>>>"some_user/admin@THIS.IS.YOUR.REALM.COM" for the same
>>reason? Or, can
>>>the admin user be "some_user@THIS.IS.YOUR.REALM.COM"?
>>This one doesn't matter; you can call the admin principal anything you
>>want. The /admin bit is just a convention.
>>Russ Allbery (firstname.lastname@example.org)
>>OpenAFS-info mailing list
>OpenAFS-info mailing list
For my 2 cents I would say its a pretty good convention to hang on to ..
I would rather my admins had to remember to add the /admin to their
principal when doing admin work. I'd rather have a little inconvience
than a large headache.
Academic Computing & Network Services
Michigan State University
506 Computer Center
East Lansing, MI 48824-1042
Baseball is ninety percent mental; the other half is physical.
- Yogi Berra