[38947] in Kerberos
weak regex/glob in listprincs in kadmin (on ldap)?
daemon@ATHENA.MIT.EDU (Chris Hecker)
Sun Jul 11 21:26:20 2021
From: "Chris Hecker" <checker@d6.com>
To: kerberos@mit.edu
Date: Mon, 12 Jul 2021 01:23:33 +0000
Message-ID: <em4154e8a9-2617-4251-a579-17d9e235fa21@checker-blade15>
MIME-Version: 1.0
Reply-To: Chris Hecker <checker@d6.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
>From looking at the code in src/lib/kadm5/srv/svr_iters.c
<https://github.com/krb5/krb5/blob/f573f7f8ee5269103a0492d6521a3242c5ffb63b/src/lib/kadm5/srv/svr_iters.c#L180>
it seems like the listprincs command should support [] patterns like
che[ca]* but it doesn't in my version (1.15.1 on centos with ldap
backend). listprincs chec* works of course.
There's also no way to iterate in the API and listprincs just give a
generic server error on too big of a result, so I was going to bisect
using brackets and found they weren't supported. I haven't tried
debugging it yet, but is this because the ldap backend doesn't support
them?
Is there a recommended way of using the kadm5 interface to iterate
through tons of principals?
Thanks,
Chris
PS. The thing that started this is I'm trying figure out which princs
have passwords that are about to expire.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
