From stefan at kania-online.de Fri Feb 7 08:58:25 2025 From: stefan at kania-online.de (Stefan Kania) Date: Fri, 7 Feb 2025 14:58:25 +0100 Subject: kadm5.acl "e" permission Message-ID: <85f142f8-99d7-4a9a-8b0a-20219525fe45@kania-online.de> Hello, in the kadm5.acl the "*" or the "x" gives all permission but not the permission to extract the principal keys for this it the "e" permission. Can some please explain to me how can I extract the principal key if I have the "e" permission. I can't find anything that explain how to do it. Thank you Stefan -------------- next part -------------- A non-text attachment was scrubbed... Name: OpenPGP_signature.asc Type: application/pgp-signature Size: 236 bytes Desc: OpenPGP digital signature URL: From ghudson at mit.edu Fri Feb 7 11:07:05 2025 From: ghudson at mit.edu (Greg Hudson) Date: Fri, 7 Feb 2025 11:07:05 -0500 Subject: kadm5.acl "e" permission In-Reply-To: <85f142f8-99d7-4a9a-8b0a-20219525fe45@kania-online.de> References: <85f142f8-99d7-4a9a-8b0a-20219525fe45@kania-online.de> Message-ID: On 2/7/25 08:58, Stefan Kania wrote: > in the kadm5.acl the "*" or the "x" gives all permission but not the > permission to extract the principal keys for this it the "e" permission. > Can some please explain to me how can I extract the principal key if I > have the "e" permission. I can't find anything that explain how to do it. The kadmin "ktadd -norandkey" command will extract principal keys to a keytab file without generating new keys as it normally does. From stefan at kania-online.de Fri Feb 7 13:07:15 2025 From: stefan at kania-online.de (Stefan Kania) Date: Fri, 7 Feb 2025 19:07:15 +0100 Subject: kadm5.acl "e" permission In-Reply-To: References: <85f142f8-99d7-4a9a-8b0a-20219525fe45@kania-online.de> Message-ID: <29e78a8d-05e2-4732-8b6c-bbe611f7c5df@kania-online.de> Am 07.02.25 um 17:07 schrieb Greg Hudson: > On 2/7/25 08:58, Stefan Kania wrote: >> in the kadm5.acl the "*" or the "x" gives all permission but not the >> permission to extract the principal keys for this it the "e" >> permission. Can some please explain to me how can I extract the >> principal key if I have the "e" permission. I can't find anything that >> explain how to do it. > > The kadmin "ktadd -norandkey" command will extract principal keys to a > keytab file without generating new keys as it normally does. > Thank you, that was exactly what I was looking for :-) -------------- next part -------------- A non-text attachment was scrubbed... Name: OpenPGP_signature.asc Type: application/pgp-signature Size: 236 bytes Desc: OpenPGP digital signature URL: