weak regex/glob in listprincs in kadmin (on ldap)?
checker at d6.com
Sun Jul 11 21:23:33 EDT 2021
>From looking at the code in src/lib/kadm5/srv/svr_iters.c
it seems like the listprincs command should support  patterns like
che[ca]* but it doesn't in my version (1.15.1 on centos with ldap
backend). listprincs chec* works of course.
There's also no way to iterate in the API and listprincs just give a
generic server error on too big of a result, so I was going to bisect
using brackets and found they weren't supported. I haven't tried
debugging it yet, but is this because the ldap backend doesn't support
Is there a recommended way of using the kadm5 interface to iterate
through tons of principals?
PS. The thing that started this is I'm trying figure out which princs
have passwords that are about to expire.
More information about the Kerberos