Can I give a user the ability to change the passwords on a subset of accounts in the kerberos database? This is what I have tried I have a users that conform to this, cs424001-cs424100 and I have a principal that wants to change their passwords, testing I have tried this in the acl file, testing at REALM.COM ci cs424*@REALM.COM but does not seem to work... any thoughts?