more complex kadm5.acl

Greg Hudson ghudson at
Sun Jul 23 22:40:47 EDT 2017

On 07/22/2017 12:55 PM, Michael Ströder wrote:
> Are there more complex kadm5.acl examples out there leveraging more complex naming
> schemes for principal instances and realms? Or even more detailed presentations/docs?

You could look at the ACL file written by the automated test script:

The source code for parsing the ACL file also isn't large.  We recently
refactored it without changing its behavior much, so you can look at the
old or new versions:

We are also working on a pluggable interface for kadmin authorization,
targeted for 1.16:

More information about the Kerberos mailing list