back-referenced wildcards in kadm5.acl
Kenneth MacDonald
Kenneth.MacDonald at ed.ac.uk
Thu Jul 17 19:45:30 EDT 2014
Quoting John Devitofranceschi <jdvf at optonline.net> on Thu, 17 Jul 2014
15:51:06 -0400:
>
>> On Jul 17, 2014, at 12:37, Greg Hudson <ghudson at MIT.EDU> wrote:
>>
>>> On 07/16/2014 06:34 PM, John Devitofranceschi wrote:
>>> host/*@MYREALM.COM x */*1 at MYREALM.COM
>>
>> This works for me in 1.11, 1.12, and the master branch. So, your
>> expectation isn't unreasonable, but I'm not sure why it doesn't work for
>> you.
>>
>> Note that kadmind will not reread its ACL file until it is restarted.
>
> I can get it to work with other wild card use cases, like:
>
> *@MYREALM.COM cli *1/admin at MYREALM.COM
>
> Just not the example I gave originally.
This is because the wildcard matching only operates on whole
components, not substrings of them. There are various patches
floating around that extend this to regular expressions or substrings.
I have one, but I'm on holiday at the moment. I'll try to remember
to follow up when I get back.
Cheers,
Kenny.
--
The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.
More information about the Kerberos
mailing list