[Freeipa-users] howto modify krb principal attributes without kadmin.local
Simo Sorce
simo at redhat.com
Wed May 16 22:18:35 UTC 2012
On Wed, 2012-05-16 at 18:15 -0400, Rob Crittenden wrote:
> Thomas Jackson wrote:
> > kadmin.local: modprinc +requires_hwauth user
> > modify_principal: User modification failed: Insufficient access while
> > modifying "user".
>
> What user's ticket do you have when trying to make this change?
>
> The error is coming from 389-ds, not from the KDC ACLs.
>
> For whatever it's worth I tried this in 2.2.0 and it worked.
In 2.2 we do not restrict kadmin/kdc as much as we did in < 2.1
Simo.
--
Simo Sorce * Red Hat, Inc * New York
More information about the Freeipa-users
mailing list