Project review: policy refcount elimination

Nico Williams nico at cryptonector.com
Wed Jan 9 01:52:28 EST 2013


On Wed, Jan 9, 2013 at 12:31 AM, Greg Hudson <ghudson at mit.edu> wrote:
> On 01/08/2013 08:14 PM, Nico Williams wrote:
>> Could you make the kadmin/kadmin.local getprinc command fetch the
>> princ's policy and display dangling policies?  (e.g., "Policy: foo*"
>> or "Policy: foo [non-existent]")
>
> That's a good idea.  I already have addprinc and modprinc warning (in
> the kadmin client code) if you specify a policy which doesn't exist;
> it's easy enough to make getprinc annotate nonexistent policy names.

OK, good.  It will make getprinc a bit slower, and it's possible to
race getprinc against addpol/delpol, but I think that's no big deal.

