ACLs question
Bob Dowling
rjd4 at cam.ac.uk
Wed Jul 28 06:51:07 EDT 2004
I'm running a KCD/kadmind on a Fedora box using Fedora's packages (1.3.1
release 6) and am having problems with my wildcarded ACLs.
My situation is that I have a DNS domain with a very large number of
subdomains (and subsubdomains etc. ad nauseam) whose computers may require
host principals. I would like to be able to delegate control of these to
the people responsible for the computers in each subdomain (departmental
computing staff, conscripted PhD students, etc.).
I have been able to get wildcard ACLs working of the form
rjd4/manager at TEST.CAM.AC.UK * host/*@TEST.CAM.AC.UK
but not of the form
rjd4/manager at TEST.CAM.AC.UK * host/*.foo.cam.ac.uk at TEST.CAM.AC.UK
though there are no parse errors reported to the kadmind logs.
Am I doing something wrong or is this a genuine limitation in the parsing
of the ACLs file? If the latter could I propose that kadmind logs
something about not being able to parse a line in kadm5.acl?
More information about the Kerberos
mailing list