.k5login wildcard

[Michael Conlen]

I am trying to work out a system where a principle

*/root at REALM

has access to login to an account (guess which one) or su to that 
account. I noticed a few years ago David Cross merged in a patch with 
alpha support for wildcards in the .k5login file, but that's the last I 
ever saw of it. This functionality would by hyperuseful for us as we 
could assign or revoke privs based on available principles as opposed to 
updating 2000 machines. (Consider an administrator being fired, you have 
to update all those machines fast, or just remove a principle in the KDC).

In any case, is this functionality around in code anymore, and if so how 
would one go about using it.

Thank you for your time.

--
Michael Conlen