[OpenAFS] Propagating "admin" flag into Kerberos 5

Thomas Kula kula@tproa.net
Fri, 26 Sep 2008 13:32:16 -0400


On Fri, Sep 26, 2008 at 12:11:28PM -0500, Daniel Debertin wrote:
> I'm doing this for my AFS admin, as described in the documentation:
> 
> ka> setfields admin -flags admin
> 
> Which works fine using OpenAFS's kaserver. What is the equivalent in
> Kerberos 5/Heimdal?

The kas setfields man page says the admin flag means "the user
is allowed to issue privileged kas commands", so with heimdal
this is the equivalent to putting that user in the kadmind.acl
file (or whatever your kadmin ACL file is called). You'll
probably want to make sure the user has the appropriate privs
(the Heimdal documentation will go into those).



-- 
Thomas L. Kula | kula@tproa.net | http://kula.tproa.net/