.k5login wildcard

Michael Conlen mconlen at neutelligent.com
Tue Oct 21 15:43:07 EDT 2003

I am trying to work out a system where a principle

*/root at REALM

has access to login to an account (guess which one) or su to that 
account. I noticed a few years ago David Cross merged in a patch with 
alpha support for wildcards in the .k5login file, but that's the last I 
ever saw of it. This functionality would by hyperuseful for us as we 
could assign or revoke privs based on available principles as opposed to 
updating 2000 machines. (Consider an administrator being fired, you have 
to update all those machines fast, or just remove a principle in the KDC).

In any case, is this functionality around in code anymore, and if so how 
would one go about using it.

Thank you for your time.

Michael Conlen

More information about the Kerberos mailing list