(heimdal.info.gz) Remote administration

 
 4.7 Remote administration
 =========================
 
 The administration server, `kadmind', can be started by `inetd' (which
 isn't recommended) or run as a normal daemon. If you want to start it
 from `inetd' you should add a line similar to the one below to your
 `/etc/inetd.conf'.
 
      kerberos-adm stream     tcp     nowait  root /usr/heimdal/libexec/kadmind kadmind
 
 You might need to add `kerberos-adm' to your `/etc/services' as
 `749/tcp'.
 
 Access to the administration server is controlled by an ACL file
 (default `/var/heimdal/kadmind.acl'). The file has the following syntax:
 
      principal       [priv1,priv2,...]       [glob-pattern]
 
 The file is searched from top to bottom for a line whose principal
 (and, if given, glob-pattern) matches.  When there is a match, the
 access rights of that line are applied.
 
 The privileges you can assign to a principal are: `add',
 `change-password' (or `cpw' for short), `delete', `get', `list', and
 `modify', or the special privilege `all'. All of these roughly
 correspond to the different commands in `kadmin'.
 
 If a GLOB-PATTERN is given on a line, it restricts the access rights
 of the principal so that they apply only to subjects that match the
 pattern. The patterns are of the same type as those used in shell
 globbing; see fnmatch(3).
 
 In the example below `lha/admin' can change every principal in the
 database. `jimmy/admin' can only modify principals that belong to the
 realm `E.KTH.SE'. `mille/admin' is working at the help desk, so he
 should only be able to change the passwords for single component
 principals (ordinary users). He will not be able to change any `/admin'
 principal.
 
      lha/admin@E.KTH.SE	all
      jimmy/admin@E.KTH.SE	all		*@E.KTH.SE
      jimmy/admin@E.KTH.SE	all		*/*@E.KTH.SE
      mille/admin@E.KTH.SE	change-password	*@E.KTH.SE
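
 The following Python sketch is an added example, not code from Heimdal. It evaluates an ACL in the format above so that a change can be checked before the file is installed. It assumes fully qualified principal names, and that the pattern is matched per name component and realm (so `*' never spans a `/'), which is inferred from the `mille/admin' example; the function names are hypothetical.

```python
from fnmatch import fnmatchcase

# Privilege names listed on this page; `cpw' is the documented short form.
PRIVS = {"add", "change-password", "delete", "get", "list", "modify"}
ALIASES = {"cpw": "change-password"}
# The page's example ACL, embedded so the script runs offline.
SAMPLE_ACL = """\
lha/admin@E.KTH.SE      all
jimmy/admin@E.KTH.SE    all             *@E.KTH.SE
jimmy/admin@E.KTH.SE    all             */*@E.KTH.SE
mille/admin@E.KTH.SE    change-password *@E.KTH.SE
"""

def split_principal(name):
    """Split 'a/b@REALM' into (['a', 'b'], 'REALM')."""
    left, _, realm = name.rpartition("@")
    return left.split("/"), realm

def subject_matches(pattern, subject):
    """Assumed semantics: the realm and each name component are globbed
    separately, so '*@REALM' matches only single-component principals."""
    p_comps, p_realm = split_principal(pattern)
    s_comps, s_realm = split_principal(subject)
    return (len(p_comps) == len(s_comps)
            and fnmatchcase(s_realm, p_realm)
            and all(fnmatchcase(s, p) for s, p in zip(s_comps, p_comps)))

def parse_privs(field):
    """Expand a comma-separated privilege field; unknown words grant nothing."""
    words = {ALIASES.get(w, w) for w in field.split(",")}
    if "all" in words:
        return set(PRIVS)
    return words & PRIVS

def granted(acl_text, caller, subject):
    """Return the privileges of the first line, top to bottom, that matches."""
    for line in acl_text.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0] != caller:
            continue
        if len(fields) == 2 or subject_matches(fields[2], subject):
            return parse_privs(fields[1])
    return set()  # no matching line: no access

def allowed(acl_text, caller, priv, subject):
    """True if `caller' may perform `priv' on `subject' under this ACL."""
    return ALIASES.get(priv, priv) in granted(acl_text, caller, subject)
```

 Running `allowed' over a list of sensitive subjects (for example every `/admin' principal) before installing a new ACL shows whether a help-desk line has become broader than intended.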
 