当我运行该命令时,kadmin.local -q "addprinc admin/admin"它会将领域添加到用户末尾。因此admin/admin变成admin/[email protected]
这是我运行的。任何建议都很棒。
root@directory:~# kadmin.local -q "addprinc admin/admin"
Authenticating as principal root/[email protected] with password.
WARNING: no policy specified for admin/[email protected]; defaulting to no policy
Enter password for principal "admin/[email protected]":
Re-enter password for principal "admin/[email protected]":
Principal "admin/[email protected]" created.
root@directory:~# kadmin.local -q "addprinc -randkey kadmin/directory.lbox.com"
Authenticating as principal root/[email protected] with password.
WARNING: no policy specified for kadmin/[email protected]; defaulting to no policy
add_principal: Principal or policy already exists while creating "kadmin/[email protected]".
root@directory:~# /etc/init.d/krb5-admin-server restart
答案1
这是预期的行为并且是必需的。Kerberos 主体并非虚无缥缈,但始终有一个领域。Kerberos 领域通常为它们对应的域的大写版本,但这不是必需的。您可以在 kdc 的数据库中包含任何您想要的领域。诀窍是确保身份验证请求到达适当的位置。
(票可能是匿名的,但这是完全不同的话题。)