On 07/22/2017 12:55 PM, Michael Ströder wrote:
> Are there more complex kadm5.acl examples out there leveraging more complex
> naming schemes for principal instances and realms? Or even more detailed
> presentations/docs?

You could look at the ACL file written by the automated test script:

https://github.com/krb5/krb5/blob/master/src/tests/t_kadmin_acl.py#L48

The source code for parsing the ACL file also isn't large.  We recently
refactored it without changing its behavior much, so you can look at the
old or new versions:

https://github.com/krb5/krb5/blob/krb5-1.15/src/lib/kadm5/srv/server_acl.c
https://github.com/krb5/krb5/blob/master/src/kadmin/server/auth_acl.c

We are also working on a pluggable interface for kadmin authorization,
targeted for 1.16:

https://k5wiki.kerberos.org/wiki/Projects/kadmin_access_interface
https://github.com/krb5/krb5/pull/675
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
