back-referenced wildcards in kadm5.acl

Kenneth MacDonald Kenneth.MacDonald at ed.ac.uk
Thu Jul 17 19:45:30 EDT 2014


Quoting John Devitofranceschi <jdvf at optonline.net> on Thu, 17 Jul 2014  
15:51:06 -0400:

>
>> On Jul 17, 2014, at 12:37, Greg Hudson <ghudson at MIT.EDU> wrote:
>>
>>> On 07/16/2014 06:34 PM, John Devitofranceschi wrote:
>>> host/*@MYREALM.COM x */*1@MYREALM.COM
>>
>> This works for me in 1.11, 1.12, and the master branch.  So, your
>> expectation isn't unreasonable, but I'm not sure why it doesn't work for
>> you.
>>
>> Note that kadmind will not reread its ACL file until it is restarted.
>
> I can get it to work with other wild card use cases, like:
>
> *@MYREALM.COM cli   *1/admin@MYREALM.COM
>
> Just not the example I gave originally.

This is because the wildcard matching only operates on whole
components, not substrings of them.  There are various patches
floating around that extend this to regular expressions or substrings.
I have one, but I'm on holiday at the moment.  I'll try to remember
to follow up when I get back.

Cheers,

Kenny.



-- 
The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.
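
The whole-component rule described in the reply above, as a simplified Python model added here (it is not part of the original message and is not kadmind's code). It assumes a literal realm and no escaped `/` or `@`; the function names and the `web1.example.com` host are constructed for illustration.

```python
# Simplified model of whole-component ACL matching (added example, not
# kadmind's code). Assumes a literal realm and no escaped '/' or '@'.

def split_principal(name):
    """Split 'a/b@REALM' into (['a', 'b'], 'REALM')."""
    comps, _, realm = name.rpartition("@")
    return comps.split("/"), realm

def aligned(pattern, name):
    """Pair up components, or None if realm or component count differs."""
    (p_comps, p_realm), (n_comps, n_realm) = split_principal(pattern), split_principal(name)
    if p_realm != n_realm or len(p_comps) != len(n_comps):
        return None
    return list(zip(p_comps, n_comps))

def match_principal(pattern, name):
    """Return components captured by '*' wildcards, or None on mismatch."""
    pairs = aligned(pattern, name)
    if pairs is None:
        return None
    captured = []
    for p, n in pairs:
        if p == "*":              # wildcard stands for one whole component
            captured.append(n)
        elif p != n:              # anything else, even '*.example.com', is a literal
            return None
    return captured

def match_target(pattern, name, captured):
    """Match a target; '*N' must equal the N-th captured component."""
    pairs = aligned(pattern, name)
    if pairs is None:
        return False
    for p, n in pairs:
        if len(p) == 2 and p[0] == "*" and p[1] in "123456789":
            i = int(p[1]) - 1
            if i >= len(captured) or captured[i] != n:
                return False
        elif p != "*" and p != n:
            return False
    return True

def acl_allows(principal_pat, target_pat, requester, target):
    captured = match_principal(principal_pat, requester)
    return captured is not None and match_target(target_pat, target, captured)

if __name__ == "__main__":  # constructed sample principals
    print(match_principal("host/*.example.com@MYREALM.COM", "host/web1.example.com@MYREALM.COM"))
```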



