If I want to allow the host principal for a given system to manage other hostname-based principals for the same host (to enable some kind of automation, say), based on the documentation, I would expect that an entry in kadm5.acl that looks like this:

    host/*@MYREALM.COM x */*1...@myrealm.com

would permit:

    host/system1.myrealm....@myrealm.com

to create:

    nfs/system1.myrealm....@myrealm.com

or

    HTTP/system1.myrealm....@myrealm.com

But this does not seem to be the case with 1.11.3. Is my expectation unreasonable?

jd
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
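
The per-component wildcard and `*number` back-reference matching that the kadm5.acl documentation describes, modelled as an added example (not part of the original post and not kadmind's own code). The EXAMPLE.COM realm, the principals and the function names are constructed; realms are compared literally, permission letters are not modelled, and the model says nothing about what release 1.11.3 actually does.

```python
import re

def parse(principal):
    """Split 'comp1/comp2@REALM' into ([components], realm)."""
    name, _, realm = principal.rpartition("@")
    return name.split("/"), realm

def match_principal(pattern, principal):
    """Match the ACL 'principal' field; return wildcard captures or None."""
    if pattern == "*":
        return []
    (pc, pr), (nc, nr) = parse(pattern), parse(principal)
    if len(pc) != len(nc) or pr != nr:   # simplification: realm is literal
        return None
    captures = []
    for p, n in zip(pc, nc):
        if p == "*":
            captures.append(n)           # remembered for *1, *2, ...
        elif p != n:
            return None
    return captures

def match_target(pattern, target, captures):
    """Match the 'target_principal' field, resolving *N back-references."""
    if pattern == "*":
        return True
    (pc, pr), (tc, tr) = parse(pattern), parse(target)
    if len(pc) != len(tc) or pr != tr:
        return False
    for p, t in zip(pc, tc):
        ref = re.fullmatch(r"\*([1-9])", p)
        if ref:
            idx = int(ref.group(1)) - 1
            if idx >= len(captures) or captures[idx] != t:
                return False             # must equal the requester's wildcard
        elif p != "*" and p != t:
            return False
    return True

def entry_applies(acl_line, requester, target):
    """True if this ACL line covers requester acting on target."""
    principal_pat, _perms, target_pat = acl_line.split()[:3]
    caps = match_principal(principal_pat, requester)
    return caps is not None and match_target(target_pat, target, caps)

# Constructed entry: a host principal may manage any service on its own host.
ACL = "host/*@EXAMPLE.COM x */*1@EXAMPLE.COM"
HOST1 = "host/system1.example.com@EXAMPLE.COM"
```

Under this model the back-reference is what keeps the delegation scoped to one host: the same requester is refused for a target whose second component names a different machine.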