back-referenced wildcards in kadm5.acl
John Devitofranceschi
jdvf at optonline.net
Wed Jul 16 18:34:58 EDT 2014
If I want to allow the host principal for a given system to manage other hostname-based principals for the same host (to enable some kind of automation, say), based on the documentation, I would expect that an entry in kadm5.acl that looks like this:
host/*@MYREALM.COM x */*1 at MYREALM.COM
would permit:
host/system1.myrealm.com at MYREALM.COM
to create:
nfs/system1.myrealm.com at MYREALM.COM
or
HTTP/system1.myrealm.com at MYREALM.COM
But this does not seem to be the case with 1.11.3.
Is my expectation unreasonable?
jd
More information about the Kerberos
mailing list