Edit the Kerberos Admin Server ACL config
In the kdc.conf we saw a value: acl_file = /var/lib/kerberos/krb5kdc/kadm5.acl. In this file we can define who has the right to read or change something in our kerberos database (we will create that database later). Detailed information about this ACL (access control list) are in the manpage of kadmind or the kerberos adminguide. To be simple we want to allow all admins to do all in our kerberos database. Edit the file to:
*/admin@REDFLO.DE *
This can be read as "allow all(=*) admins in the realm REDFLO.DE everything (=*). So where is here the username? Is admin a Unix group?