[36278] in Kerberos
back-referenced wildcards in kadm5.acl
daemon@ATHENA.MIT.EDU (John Devitofranceschi)
Wed Jul 16 18:35:23 2014
Date: Wed, 16 Jul 2014 18:34:58 -0400
From: John Devitofranceschi <jdvf@optonline.net>
To: kerberos@mit.edu
Message-id: <A4C4AA44-B587-4DF2-BD3D-B51EA6C5FFC4@optonline.net>

If I want to allow the host principal for a given system to manage other hostname-based principals for the same host (to enable some kind of automation, say), based on the documentation, I would expect that an entry in kadm5.acl that looks like this:

	host/*@MYREALM.COM x */*1@MYREALM.COM

would permit:

	host/system1.myrealm.com@MYREALM.COM

to create:

	nfs/system1.myrealm.com@MYREALM.COM

or

	HTTP/system1.myrealm.com@MYREALM.COM

But this does not seem to be the case with 1.11.3.

Is my expectation unreasonable?

jd
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
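
A small model of the matching the post above expects, added here as an example; it is not from the original message and is not kadmind's code, so it says nothing about what 1.11.3 actually does. It assumes each `*` stands for one whole principal component, `*N` in the target must equal what the N-th `*` in the subject matched, realms are compared literally, and the line has exactly three fields; the function names are hypothetical.

```python
import re

BACKREF = re.compile(r"\*([1-9])")  # "*1" .. "*9" used as a whole component

def split_principal(name):
    """Split 'a/b@REALM' into (['a', 'b'], 'REALM')."""
    body, _, realm = name.rpartition("@")
    return body.split("/"), realm

def match_subject(pattern, principal):
    """Return what each '*' in the subject pattern captured, or None on no match."""
    (pat, pat_realm), (comps, realm) = split_principal(pattern), split_principal(principal)
    if pat_realm != realm or len(pat) != len(comps):
        return None
    captures = []
    for want, got in zip(pat, comps):
        if want == "*":
            captures.append(got)
        elif want != got:
            return None
    return captures

def target_allows(target_pattern, captures, requested):
    """Check the requested principal against the target, resolving back-references."""
    (pat, pat_realm), (comps, realm) = split_principal(target_pattern), split_principal(requested)
    if pat_realm != realm or len(pat) != len(comps):
        return False
    for want, got in zip(pat, comps):
        ref = BACKREF.fullmatch(want)
        if ref:
            idx = int(ref.group(1)) - 1
            # A back-reference to a wildcard that does not exist never matches.
            if idx >= len(captures) or captures[idx] != got:
                return False
        elif want != "*" and want != got:
            return False
    return True

def acl_permits(acl_line, requester, requested):
    """True if the ACL line would cover requester acting on requested.
    The permission letters are not interpreted in this model."""
    subject, _perms, target = acl_line.split()
    captures = match_subject(subject, requester)
    return captures is not None and target_allows(target, captures, requested)
```

Under this model the entry covers `nfs/` and `HTTP/` principals only for the requesting host's own name, which makes it a quick way to review how far a back-referenced entry reaches before it goes into kadm5.acl.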