back-referenced wildcards in kadm5.acl
John Devitofranceschi
jdvf at optonline.net
Sat Mar 7 15:17:04 EST 2015
> On Jul 17, 2014, at 7:45 PM, Kenneth MacDonald <Kenneth.MacDonald at ed.ac.uk> wrote:
>
> Quoting John Devitofranceschi <jdvf at optonline.net> on Thu, 17 Jul 2014
> 15:51:06 -0400:
>
>>
>>> On Jul 17, 2014, at 12:37, Greg Hudson <ghudson at MIT.EDU> wrote:
>>>
>>>> On 07/16/2014 06:34 PM, John Devitofranceschi wrote:
>>>> host/*@MYREALM.COM x */*1 at MYREALM.COM
>>>
>>> This works for me in 1.11, 1.12, and the master branch. So, your
>>> expectation isn't unreasonable, but I'm not sure why it doesn't work for
>>> you.
>>>
>>> Note that kadmind will not reread its ACL file until it is restarted.
>>
>> I can get it to work with other wild card use cases, like:
>>
>> *@MYREALM.COM cli *1/admin at MYREALM.COM
>>
>> Just not the example I gave originally.
>
> This is because the wildcard matching only operates on whole
> components, not substrings of them. There are various patches
> floating around that extend this to regular expressions or substrings.
> I have one, but I'm on holiday at the moment. I'll try to remember
> to follow up when I get back.
I just started looking into this again, this time with 1.13.1 and my results are the same as when I tried last year.
Any patches or advice welcome!
jd
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2446 bytes
Desc: not available
Url : http://mailman.mit.edu/pipermail/kerberos/attachments/20150307/d423fbf0/attachment.bin
More information about the Kerberos
mailing list