back-referenced wildcards in kadm5.acl

John Devitofranceschi jdvf at optonline.net
Wed Jul 16 18:34:58 EDT 2014


If I want to allow the host principal for a given system to manage other hostname-based principals for the same host (to enable some kind of automation, say), based on the documentation, I would expect that an entry in kadm5.acl that looks like this:

host/*@MYREALM.COM x */*1@MYREALM.COM

would permit:

	host/system1.myrealm.com@MYREALM.COM

to create:

	nfs/system1.myrealm.com@MYREALM.COM

or

	HTTP/system1.myrealm.com@MYREALM.COM

But this does not seem to be the case with 1.11.3.

Is my expectation unreasonable?


jd



