[36288] in Kerberos
Re: back-referenced wildcards in kadm5.acl
daemon@ATHENA.MIT.EDU (Kenneth MacDonald)
Thu Jul 17 19:45:44 2014
Message-ID: <20140718004530.53103jcdiyh94xkw@www.staffmail.ed.ac.uk>
Date: Fri, 18 Jul 2014 00:45:30 +0100
From: Kenneth MacDonald <Kenneth.MacDonald@ed.ac.uk>
To: kerberos@mit.edu
In-Reply-To: <C8EA1685-CD8F-4CA9-8EC4-861B6DE9A523@optonline.net>
Quoting John Devitofranceschi <jdvf@optonline.net> on Thu, 17 Jul 2014
15:51:06 -0400:
>
>> On Jul 17, 2014, at 12:37, Greg Hudson <ghudson@MIT.EDU> wrote:
>>
>>> On 07/16/2014 06:34 PM, John Devitofranceschi wrote:
>>> host/*@MYREALM.COM x */*1@MYREALM.COM
>>
>> This works for me in 1.11, 1.12, and the master branch. So, your
>> expectation isn't unreasonable, but I'm not sure why it doesn't work for
>> you.
>>
>> Note that kadmind will not reread its ACL file until it is restarted.
>
> I can get it to work with other wild card use cases, like:
>
> *@MYREALM.COM cli *1/admin@MYREALM.COM
>
> Just not the example I gave originally.

This is because the wildcard matching only operates on whole
components, not substrings of them. There are various patches
floating around that extend this to regular expressions or substrings.
I have one, but I'm on holiday at the moment. I'll try to remember
to follow up when I get back.

Cheers,
Kenny.
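
The whole-component rule described in the message above, as an added example that is not part of the original post and is not MIT krb5 code: a simplified Python model of component-wise ACL matching with `*N` back-references. The function names, the sample host names and the `*1.example.com` pattern are constructed for illustration; the model assumes realms are compared literally and ignores escaping.

```python
import re

def split_principal(name):
    """Split 'a/b@REALM' into (['a', 'b'], 'REALM'); no escape handling."""
    comps, _, realm = name.partition("@")
    return comps.split("/"), realm

def match(pattern, name, backrefs, is_target):
    """Component-wise match. On the principal side each '*' component records
    what it matched; on the target side '*N' must equal the Nth recorded value."""
    p_comps, p_realm = split_principal(pattern)
    n_comps, n_realm = split_principal(name)
    if p_realm != n_realm or len(p_comps) != len(n_comps):
        return False
    for pat, comp in zip(p_comps, n_comps):
        if pat == "*":                      # wildcard: the whole component only
            if not is_target:
                backrefs.append(comp)
            continue
        ref = re.fullmatch(r"\*([1-9])", pat) if is_target else None
        if ref:                             # back-reference: the whole component only
            idx = int(ref.group(1)) - 1
            if idx >= len(backrefs) or backrefs[idx] != comp:
                return False
            continue
        # Anything else is a literal, so 'web*' or '*1.example.com' is not expanded.
        if pat != comp:
            return False
    return True

def acl_allows(acl_principal, acl_target, requester, target):
    """True if one ACL line (principal, target) covers this requester/target pair."""
    backrefs = []
    return (match(acl_principal, requester, backrefs, False)
            and match(acl_target, target, backrefs, True))

if __name__ == "__main__":
    r = "@MYREALM.COM"
    # Constructed requests checked against the two ACL lines quoted in the thread.
    print(acl_allows("host/*" + r, "*/*1" + r, "host/web01" + r, "http/web01" + r))
    print(acl_allows("*" + r, "*1/admin" + r, "alice" + r, "bob/admin" + r))
    # Constructed substring pattern: '*1.example.com' is treated as a literal.
    print(acl_allows("host/*" + r, "*/*1.example.com" + r,
                     "host/web01" + r, "http/web01.example.com" + r))
```

In this model a pattern that embeds `*` or `*1` inside a longer component silently matches nothing, so an ACL line written that way grants no access rather than broader access.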