back-referenced wildcards in kadm5.acl
John Devitofranceschi
jdvf at optonline.net
Thu Jul 17 15:51:06 EDT 2014
> On Jul 17, 2014, at 12:37, Greg Hudson <ghudson at MIT.EDU> wrote:
>
>> On 07/16/2014 06:34 PM, John Devitofranceschi wrote:
>> host/*@MYREALM.COM x */*1 at MYREALM.COM
>
> This works for me in 1.11, 1.12, and the master branch. So, your
> expectation isn't unreasonable, but I'm not sure why it doesn't work for
> you.
>
> Note that kadmind will not reread its ACL file until it is restarted.
I can get it to work with other wild card use cases, like:
*@MYREALM.COM cli *1/admin at MYREALM.COM
Just not the example I gave originally.
It seems that KRB5_TRACE is not much help with kadmind in this case either.
jd
More information about the Kerberos
mailing list