[36285] in Kerberos
Re: back-referenced wildcards in kadm5.acl
daemon@ATHENA.MIT.EDU (John Devitofranceschi)
Thu Jul 17 15:51:25 2014
Date: Thu, 17 Jul 2014 15:51:06 -0400
From: John Devitofranceschi <jdvf@optonline.net>
In-reply-to: <53C7FBBF.1000307@mit.edu>
To: Greg Hudson <ghudson@mit.edu>
Message-id: <C8EA1685-CD8F-4CA9-8EC4-861B6DE9A523@optonline.net>
Cc: "kerberos@mit.edu" <kerberos@mit.edu>
> On Jul 17, 2014, at 12:37, Greg Hudson <ghudson@MIT.EDU> wrote:
>
>> On 07/16/2014 06:34 PM, John Devitofranceschi wrote:
>> host/*@MYREALM.COM x */*1@MYREALM.COM
>
> This works for me in 1.11, 1.12, and the master branch. So, your
> expectation isn't unreasonable, but I'm not sure why it doesn't work for
> you.
>
> Note that kadmind will not reread its ACL file until it is restarted.

I can get it to work with other wild card use cases, like:

*@MYREALM.COM cli *1/admin@MYREALM.COM

Just not the example I gave originally.

It seems that KRB5_TRACE is not much help with kadmind in this case either.

jd
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos