[37563] in Kerberos
Re: How to find all users in a policy
daemon@ATHENA.MIT.EDU (Greg Hudson)
Sat Jul 9 02:22:56 2016
To: "Ramaiah, Vanna G." <ramaiah@musc.edu>,
"kerberos@mit.edu" <kerberos@mit.edu>
From: Greg Hudson <ghudson@mit.edu>
Message-ID: <5780982F.3010008@mit.edu>
Date: Sat, 9 Jul 2016 02:22:39 -0400
MIME-Version: 1.0
In-Reply-To: <AE3FEB1BD25D22479E9F293EBBF869B90119DC2536@exg-mb10a.clinlan.local>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On 07/08/2016 11:10 AM, Ramaiah, Vanna G. wrote:
> We recently applied a password policy to a few users. How can I get a list of all users that has policy applied?
kadmin doesn't have that kind of search capability.
Starting in release 1.14, you can use "kdb5_util tabdump princ_meta" on
the KDC, which displays the policy name in the fifth field. The fifth
field can be empty, so you have to be a little careful in how you
process the output with standard Unix tools, but the following will work:
kdb5_util tabdump -H princ_meta | \
awk -F '\t' '$5 == "mypolname" {print $1}'
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos