Path: utzoo!utgpu!jarvis.csri.toronto.edu!cs.utexas.edu!uwm.edu!dogie.macc.wisc.edu!decwrl!shelby!IAG.HP.COM!tai
From: tai@IAG.HP.COM (Tai Jin)
Newsgroups: comp.protocols.kerberos
Subject: Re: Kerberos Difficulties
Message-ID: <9002222012.AA00706@kenzo.iag.hp.com>
Date: 22 Feb 90 20:12:35 GMT
References: <20243@bellcore.bellcore.com>
Sender: daemon@shelby.Stanford.EDU
Organization: The Internet
Lines: 29


   Do you know what is wrong here?  I was able to get a ticket from the Kerberos
   server (as evidenced from the output of klist), but kpasswd seems not to be
   able to connect to that server.  Is there some other server I need to define
   somewhere?

I don't know about your kpasswd problem.  I've modified kadmin to
allow users to change their passwords instead of using kpasswd.

   1. The operation guide neglected to inform me that, apparently (after pouring
      through source code), you need to create a "changepw" principal via kdb_edit
      in order to use kpasswd.  The error message caused by this was not
      indicative of the problem.

The changepw principal should have been created by kdb_init.

   2. There is no utility to list all entries in the Kerberos master database (a
      sort of /usr/etc/kdb_list).  I have written one, using kdb_edit and
      kdb_util as models.

You can say "kdb_util dump file" and look at the file.

   3. There is no utility to delete an entry from the Kerberos master database (a
      sort of /usr/etc/kdb_del).

You can say "kdb_util dump file; edit file; kdb_util load file".  I do
this in a script.

...tai