[36830] in Kerberos
Re: back-referenced wildcards in kadm5.acl
daemon@ATHENA.MIT.EDU (John Devitofranceschi)
Sat Mar 7 15:17:24 2015
Date: Sat, 07 Mar 2015 15:17:04 -0500
From: John Devitofranceschi <jdvf@optonline.net>
In-reply-to: <20140718004508.93985ggceh70ia88@www.staffmail.ed.ac.uk>
To: Kenneth MacDonald <Kenneth.MacDonald@ed.ac.uk>
Message-id: <EEE7D41A-00E8-4F7F-9044-8389519995BF@optonline.net>
MIME-version: 1.0
Cc: kerberos@mit.edu
Content-Type: multipart/mixed; boundary="===============0288535320=="
Errors-To: kerberos-bounces@mit.edu
--===============0288535320==
Content-type: multipart/signed;
boundary="Apple-Mail=_CAE55768-E218-4791-804D-A70A302FF569";
protocol="application/pkcs7-signature"; micalg=sha1
--Apple-Mail=_CAE55768-E218-4791-804D-A70A302FF569
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
charset=us-ascii
> On Jul 17, 2014, at 7:45 PM, Kenneth MacDonald =
<Kenneth.MacDonald@ed.ac.uk> wrote:
>=20
> Quoting John Devitofranceschi <jdvf@optonline.net> on Thu, 17 Jul 2014 =
=20
> 15:51:06 -0400:
>=20
>>=20
>>> On Jul 17, 2014, at 12:37, Greg Hudson <ghudson@MIT.EDU> wrote:
>>>=20
>>>> On 07/16/2014 06:34 PM, John Devitofranceschi wrote:
>>>> host/*@MYREALM.COM x */*1@MYREALM.COM
>>>=20
>>> This works for me in 1.11, 1.12, and the master branch. So, your
>>> expectation isn't unreasonable, but I'm not sure why it doesn't work =
for
>>> you.
>>>=20
>>> Note that kadmind will not reread its ACL file until it is =
restarted.
>>=20
>> I can get it to work with other wild card use cases, like:
>>=20
>> *@MYREALM.COM cli *1/admin@MYREALM.COM
>>=20
>> Just not the example I gave originally.
>=20
> This is because the wildcard matching only operates on whole =20
> components, not substrings of them. There are various patches =20
> floating around that extend this to regular expressions or substrings. =
=20
> I have one, but I'm on holiday at the moment. I'll try to remember =20=
> to follow up when I get back.
I just started looking into this again, this time with 1.13.1 and my =
results are the same as when I tried last year. =20
Any patches or advice welcome!
jd=
--Apple-Mail=_CAE55768-E218-4791-804D-A70A302FF569
Content-Disposition: attachment;
filename=smime.p7s
Content-Type: application/pkcs7-signature;
name=smime.p7s
Content-Transfer-Encoding: base64
MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIGHTCCBhkw
ggQBoAMCAQICAw0EljANBgkqhkiG9w0BAQUFADB5MRAwDgYDVQQKEwdSb290IENBMR4wHAYDVQQL
ExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNBIENlcnQgU2lnbmluZyBBdXRob3Jp
dHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRAY2FjZXJ0Lm9yZzAeFw0xMzAzMjQxOTM1NDNaFw0x
NTAzMjQxOTM1NDNaMIGnMR4wHAYDVQQDExVKb2huIERldml0b2ZyYW5jZXNjaGkxITAfBgkqhkiG
9w0BCQEWEmpkdmZAb3B0b25saW5lLm5ldDEfMB0GCSqGSIb3DQEJARYQamR2ZkBob3RtYWlsLmNv
bTEfMB0GCSqGSIb3DQEJARYQZm9vbm9uQGdtYWlsLmNvbTEgMB4GCSqGSIb3DQEJARYRZm9vbm9u
QGljbG91ZC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKZl04Re/BcLaf+QZB
dUM6h3uH1hqP1fE1rlBFqVP812dL1VvYz99JcJEaQxX6Xi7mG8QjFkHSJv185KscJtm9p7EX3Wau
o5m/nKz940lz11thgzl10oxMZmXOFcRqt208QxSN26kH6qj5Zn5MZwRaa62yN7lXTBUwPrLdvWaS
YOa88mUfRaEqnvT+2Ct2uwImHcNj4IpUSwFbo8vufDLD7riC0qAw8DqTFG6USyfn5IDd6QXjyGbT
Zq/WdDrnUFw6I9kSemLuU8OLfqs62OswVPq7sQsH0dqVyLRM9fM/8BnYlmdg1CVEIrhRx5j5hDHR
asOPJlf8J3E1IK5UJpThAgMBAAGjggF5MIIBdTAMBgNVHRMBAf8EAjAAMFYGCWCGSAGG+EIBDQRJ
FkdUbyBnZXQgeW91ciBvd24gY2VydGlmaWNhdGUgZm9yIEZSRUUgaGVhZCBvdmVyIHRvIGh0dHA6
Ly93d3cuQ0FjZXJ0Lm9yZzAOBgNVHQ8BAf8EBAMCA6gwQAYDVR0lBDkwNwYIKwYBBQUHAwQGCCsG
AQUFBwMCBgorBgEEAYI3CgMEBgorBgEEAYI3CgMDBglghkgBhvhCBAEwMgYIKwYBBQUHAQEEJjAk
MCIGCCsGAQUFBzABhhZodHRwOi8vb2NzcC5jYWNlcnQub3JnMDEGA1UdHwQqMCgwJqAkoCKGIGh0
dHA6Ly9jcmwuY2FjZXJ0Lm9yZy9yZXZva2UuY3JsMFQGA1UdEQRNMEuBEmpkdmZAb3B0b25saW5l
Lm5ldIEQamR2ZkBob3RtYWlsLmNvbYEQZm9vbm9uQGdtYWlsLmNvbYERZm9vbm9uQGljbG91ZC5j
b20wDQYJKoZIhvcNAQEFBQADggIBALFcvyc/1qfWVmrWgL++X9i4KGaJdt1pusTZmg+OKM5h6mFH
uLnNaWOjO4hByg7RB+5krKigeWF5VtrsEW+1Su2rpOgkqKH4zGaOmRznCuqhV84HPHds9mTSOwHk
mf/ddIEzEAEOM6+vOGwwbGsPXVh/hXK4t1vg539nSLNKA+djfInhHN2a4hLzYugE4xCDXNAx/Bta
Gjh6OrTcRSXZIJJc/JbBVch8qpTLla9S1LmVXn09SDQSqOs+35ura34yT+1y+lM5SlZ0ZNri36fK
x/nT7w1p2NlgdELtzJlKz6Ht3pHwxSjnmxQRsyNboD/Jkwb0dOhDlQSNhVOFOsEi/5142oLLenef
aiJJFozlUQi2+9SixhLKN/cwvKiXCPMUOEv20jPrXu8P88MoG1lH+lMr/dBRiAitC2dkRQwsLG+z
Nnj382qhu5l8pMOLJZZqcs7G1rRG4Wvnt1fYEy4jIuHrQiwT9cZObXyrs6tMKBXXkqxTAfprh5Zo
1qVeT/A+KDTg+zjS+XOkbDUBSJawTXiyzpWgSPmu1Nrafbwu5AkygKBJ4Esdk/IJqnDV0P/uOc1L
dWlWuU7yaYxHqzxdSMAfza+LDcGRjKnXF+kBLh1G+y6dHMaWTmq4G2tsbKWpFrMiZhZnnhS3t0r7
4K3yiLlfakMUgUmHeCr7UYbcBwZbMYIDMzCCAy8CAQEwgYAweTEQMA4GA1UEChMHUm9vdCBDQTEe
MBwGA1UECxMVaHR0cDovL3d3dy5jYWNlcnQub3JnMSIwIAYDVQQDExlDQSBDZXJ0IFNpZ25pbmcg
QXV0aG9yaXR5MSEwHwYJKoZIhvcNAQkBFhJzdXBwb3J0QGNhY2VydC5vcmcCAw0EljAJBgUrDgMC
GgUAoIIBhzAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0xNTAzMDcy
MDE3MDVaMCMGCSqGSIb3DQEJBDEWBBRRS3kWJN7Zu8KtKb2oVOLuHpHP3jCBkQYJKwYBBAGCNxAE
MYGDMIGAMHkxEDAOBgNVBAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9y
ZzEiMCAGA1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3Vw
cG9ydEBjYWNlcnQub3JnAgMNBJYwgZMGCyqGSIb3DQEJEAILMYGDoIGAMHkxEDAOBgNVBAoTB1Jv
b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZQ0EgQ2VydCBT
aWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9ydEBjYWNlcnQub3JnAgMNBJYw
DQYJKoZIhvcNAQEBBQAEggEAYlE85/7FW+aLkty9wMO65uYlxohImndEVi8vP/D4vv4uJc/igelh
LqVwsbSUKLktutalaGCBmSYAlQPcIYvJExBTWsQr8Sjczn/VompVwcaKplW4DHxqhgQSxjvuxPW2
z9dJ9t2i3GXom1xd8nrj3kAdyeURdcIB1IVBpa3cXgjfWB8sbEnAfq86wgX/q1zdAYi9uN/5Ct56
S44+yRa5Mfed6YydwD12+MR6rGor2yoGxoY7S/EBnXmNU6JTiuE3oFOuHVdkbK7Ti5C450xkd5ga
3gOxxSTw6yImqYxkwEAHj/R1iOI2fXC5DELBwVPM3FqVZRaL8jr8amRol9Q70gAAAAAAAA==
--Apple-Mail=_CAE55768-E218-4791-804D-A70A302FF569--
--===============0288535320==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
--===============0288535320==--
