How to find all users in a policy
Greg Hudson
ghudson at mit.edu
Sat Jul 9 02:22:39 EDT 2016
On 07/08/2016 11:10 AM, Ramaiah, Vanna G. wrote:
> We recently applied a password policy to a few users. How can I get a list of all users that has policy applied?
kadmin doesn't have that kind of search capability.
Starting in release 1.14, you can use "kdb5_util tabdump princ_meta" on
the KDC, which displays the policy name in the fifth field. The fifth
field can be empty, so you have to be a little careful in how you
process the output with standard Unix tools, but the following will work:
kdb5_util tabdump -H princ_meta | \
awk -F '\t' '$5 == "mypolname" {print $1}'
More information about the Kerberos
mailing list