There is an issue addressing this at the GitHub project: https://github.com/heimdal/heimdal/issues/532

On Sat, 09 Nov 2013 15:50:56 +0100 Per Olofsson <pe...@dsv.su.se> wrote:
Hi,

When we upgraded our KDC to Debian wheezy, newly extracted keytabs did not work anymore. After some digging around, I found the error: I did not have the "get-keys" right so kadmind did not return any keys when I extracted keytabs. However:

* kadmin did not return an error message; it simply extracted an unusable keytab with principals but no keys.

* I had the "all" right in kadmind.acl, but apparently it does not include the "get-keys" right.

* The manual page for kadmind says nothing about it.

I think the "all" right in kadmind.acl should include the get-keys right. Otherwise, there should be an error message in kadmin and it should be documented that "all" does not include get-keys.

This was also reported as a Debian bug:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=717660

Thanks in advance!

--
Pelle
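
A way to find ACL entries affected by the behaviour reported above, as an added example that is not part of the original message or of Heimdal: it flags kadmind.acl entries that grant "all" without also listing "get-keys". The "principal rights [pattern]" layout and the skipping of "#" lines are assumptions about the file format, and the sample ACL is constructed.

```python
# Added example: audit a Heimdal kadmind.acl for entries that grant "all"
# but not "get-keys" (the combination the report says yields keyless keytabs).
# Assumed format: "principal  right1,right2,...  [principal-pattern]",
# with lines whose first token starts with "#" treated as comments.

SAMPLE_ACL = "\n".join([                      # constructed sample data
    "# kadmind.acl (constructed example)",
    "admin/admin@EXAMPLE.COM      all",
    "ops/admin@EXAMPLE.COM        all,get-keys",
    "helpdesk/admin@EXAMPLE.COM   cpw,list,get   *@EXAMPLE.COM",
    "keytab/admin@EXAMPLE.COM     all            host/*@EXAMPLE.COM",
])


def audit_acl(text):
    """Return (line number, principal, pattern) for each entry that has
    "all" but lacks "get-keys". pattern is None when the entry has none."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split()
        if not fields or fields[0].startswith("#"):
            continue                          # blank line or comment
        if len(fields) < 2:
            continue                          # no rights column, nothing to judge
        principal = fields[0]
        rights = {r.strip().lower() for r in fields[1].split(",") if r.strip()}
        pattern = fields[2] if len(fields) > 2 else None
        if "all" in rights and "get-keys" not in rights:
            findings.append((lineno, principal, pattern))
    return findings


if __name__ == "__main__":
    for lineno, principal, pattern in audit_acl(SAMPLE_ACL):
        scope = pattern or "(any principal)"
        print(f"line {lineno}: {principal} has 'all' without 'get-keys' "
              f"for {scope}; keytab extraction may return no keys")
```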


