From: Barry Jaspan Date: Wed, 30 Oct 1996 18:12:37 +0000 (+0000) Subject: include some more detail on the kadmin/admin and kadmin/changepw X-Git-Tag: krb5-1.0-freeze1~170 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=cc03b6ee2575a14f1230bc09ad7afb65f1f1162a;p=krb5.git include some more detail on the kadmin/admin and kadmin/changepw distinction [krb5-doc/130] git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@9252 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/doc/kadm5/api-funcspec.tex b/doc/kadm5/api-funcspec.tex index 5def7a78a..e799eacc4 100644 --- a/doc/kadm5/api-funcspec.tex +++ b/doc/kadm5/api-funcspec.tex @@ -772,8 +772,15 @@ service principal, but the sets of operations that can be performed by a request authenticated to each service are different. In particular, only the functions chpass_principal, randkey_principal, get_principal, and get_policy can be performed by a request authenticated to the -kadmin/changepw service. The function semantics descriptions below -give the precise details. +kadmin/changepw service, and they can only be performed when the +target principal of the operation is the same as the authenticated +client principal; the function semantics descriptions below give the +precise details. This means that administrative operations can only +be performed when authenticated to the kadmin/admin service. The +reason for this distinction is that tickets for kadmin/changepw can be +acquired with an expired password, and the KADM system does not want +to allow an administrator with an expired password to perform +administrative operations on arbitrary principals. Each Admin API operation authenticated to the kadmin/admin service requires a specific authorization to run. This version uses a simple