[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: kadmin "privs" question

On Tue, 29 Jul 2003, Love wrote:
> Alf Wachsmann <alfw@SLAC.Stanford.EDU> writes:
> > How do I remotely (i.e. not _on_ one of my KDCs) find out what
> > privileges a certain account has?
> Right now, not at all. I agree that it might be useful to know remotely.
> [...]
> So, I guess the list of acls that the match the principal might be sent
> back. That certainly would give you the information you want, but the
> question is if that is want you/other wanted.

Yes, that is what I need.

I am thinking along the lines of adding one more line to the
"kadmin list -l <principal>" output like this:
               Principal: jimmy/admin@E.KTH.SE
              Privileges: delete, get, list, cpw, add, modify

This could facilitate the fetch_acl() function on the kadmind side and
the _kadm5_privs_to_string() function in kadmin to convert the returned
ACLs to the list.

-- Alf.

  Alf Wachsmann                       | e-mail: alfw@slac.stanford.edu
  SLAC Computing Service              | Phone:  +1-650-926-4802
  2575 Sand Hill Road, M/S 97         | FAX:    +1-650-926-3329
  Menlo Park, CA 94025, USA           | Office: Bldg. 50/323
                http://www.slac.stanford.edu/~alfw (PGP)