[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: kadmin acl file, and kpasswd cracklib..

To: Troy Benjegerdes <hozer@drgw.net>
Subject: Re: kadmin acl file, and kpasswd cracklib..
From: joda@pdc.kth.se (Johan Danielsson)
Date: 11 Jun 2002 12:27:03 +0200
Cc: heimdal-discuss@sics.se
In-Reply-To: Troy Benjegerdes's message of "Mon, 10 Jun 2002 17:06:22 -0500"
References: <20020610170622.L29892@altus.drgw.net>
Sender: owner-heimdal-discuss@sics.se
User-Agent: Gnus/5.0807 (Gnus v5.8.7) Emacs/20.7

Troy Benjegerdes <hozer@drgw.net> writes:

> b) patches for Heimdal kadmind to support something like the following
>    in kadmind.acl:
> 
> 
> */admin		all	*@FOO.COM

You can't have wildcarded admins now, but it should be simple to do:

--- acl.c	2001/08/24 04:01:42	1.13
+++ acl.c	2002/06/11 10:25:09
@@ -103,7 +103,7 @@
 	ret = krb5_parse_name(context->context, p, &this_princ);
 	if(ret)
 	    break;
-	if(!krb5_principal_compare(context->context, 
+	if(!krb5_principal_match(context->context, 
 				   context->caller, this_princ)) {
 	    krb5_free_principal(context->context, this_princ);
 	    continue;

Haven't tested, and haven't thought about any consequences.

/Johan

Follow-Ups:
- Re: kadmin acl file, and kpasswd cracklib..
  - From: Troy Benjegerdes <hozer@drgw.net>

References:
- kadmin acl file, and kpasswd cracklib..
  - From: Troy Benjegerdes <hozer@drgw.net>

Prev by Date: Re: openssl-0.9.6c krb4.1.1.1 libdes
Next by Date: Re: kadmin acl file, and kpasswd cracklib..
Prev by thread: kadmin acl file, and kpasswd cracklib..
Next by thread: Re: kadmin acl file, and kpasswd cracklib..
Index(es):
- Date
- Thread