[38664] in Kerberos


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

kadmin ignoring target column ?

daemon@ATHENA.MIT.EDU (Laura Smith)
Sun Jan 12 14:01:43 2020

Date: Sun, 12 Jan 2020 19:01:11 +0000
To: "kerberos@mit.edu" <kerberos@mit.edu>
From: Laura Smith <n5d9xq3ti233xiyif2vp@protonmail.ch>
Message-ID: <u0YRw6QNODZjvdlkv9Y-uiLN5ACBt1RrqutUG_CDLmnWXTVbz_bSccIXVYb1MvunwaQTn6T_IrrrTdp5GV6J2fZ9p29KerzqpxGmzdF1J_k=@protonmail.ch>
MIME-Version: 1.0
Reply-To: Laura Smith <n5d9xq3ti233xiyif2vp@protonmail.ch>
Content-Type: text/plain; charset="utf-8"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit

Hi,

I am trying to create a suitably restricted user for use with configuration automation (SaltStack ).  My line looks like the following :

saltstack/admin@EXAMPLE.COM ADMCIL nfs/*@EXAMPLE.COM

I have edited kadm5.acl and restarted kadmind, however list_princs returns a list of all principals, not just nfs/* ?

If I remove the target column (i.e. saltstack/admin@EXAMPLE.COM ADMCIL)  and restart kadmind, then ADMCIL operates as expected (blocks list_princs entirely).

What am I missing ?

Laura

________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[38664] in Kerberos

kadmin ignoring target column ?

daemon@ATHENA.MIT.EDU (Laura Smith)Sun Jan 12 14:01:43 2020

daemon@ATHENA.MIT.EDU (Laura Smith)
Sun Jan 12 14:01:43 2020