kadmin ignoring target column ?
Laura Smith
n5d9xq3ti233xiyif2vp at protonmail.ch
Sun Jan 12 14:01:11 EST 2020
Hi,
I am trying to create a suitably restricted user for use with configuration automation (SaltStack ). My line looks like the following :
saltstack/admin at EXAMPLE.COM ADMCIL nfs/*@EXAMPLE.COM
I have edited kadm5.acl and restarted kadmind, however list_princs returns a list of all principals, not just nfs/* ?
If I remove the target column (i.e. saltstack/admin at EXAMPLE.COM ADMCIL) and restart kadmind, then ADMCIL operates as expected (blocks list_princs entirely).
What am I missing ?
Laura
More information about the Kerberos
mailing list