more complex kadm5.acl
Greg Hudson
ghudson at mit.edu
Sun Jul 23 22:40:47 EDT 2017
On 07/22/2017 12:55 PM, Michael Ströder wrote:
> Are there more complex kadm5.acl examples out there leveraging more complex naming
> schemes for principal instances and realms? Or even more detailed presentations/docs?
You could look at the ACL file written by the automated test script:
https://github.com/krb5/krb5/blob/master/src/tests/t_kadmin_acl.py#L48
The source code for parsing the ACL file also isn't large. We recently
refactored it without changing its behavior much, so you can look at the
old or new versions:
https://github.com/krb5/krb5/blob/krb5-1.15/src/lib/kadm5/srv/server_acl.c
https://github.com/krb5/krb5/blob/master/src/kadmin/server/auth_acl.c
We are also working on a pluggable interface for kadmin authorization,
targeted for 1.16:
https://k5wiki.kerberos.org/wiki/Projects/kadmin_access_interface
https://github.com/krb5/krb5/pull/675
More information about the Kerberos
mailing list