[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: kadmin "privs" question
On Tue, 29 Jul 2003, Love wrote:
>
> Alf Wachsmann <alfw@SLAC.Stanford.EDU> writes:
>
> > How do I remotely (i.e. not _on_ one of my KDCs) find out what
> > privileges a certain account has?
>
> Right now, not at all. I agree that it might be useful to know remotely.
> [...]
> So, I guess the list of acls that the match the principal might be sent
> back. That certainly would give you the information you want, but the
> question is if that is want you/other wanted.
Yes, that is what I need.
I am thinking along the lines of adding one more line to the
"kadmin list -l <principal>" output like this:
Principal: jimmy/admin@E.KTH.SE
....
Attributes:
Privileges: delete, get, list, cpw, add, modify
This could facilitate the fetch_acl() function on the kadmind side and
the _kadm5_privs_to_string() function in kadmin to convert the returned
ACLs to the list.
-- Alf.
-----------------------------------------------------------------------
Alf Wachsmann | e-mail: alfw@slac.stanford.edu
SLAC Computing Service | Phone: +1-650-926-4802
2575 Sand Hill Road, M/S 97 | FAX: +1-650-926-3329
Menlo Park, CA 94025, USA | Office: Bldg. 50/323
-----------------------------------------------------------------------
http://www.slac.stanford.edu/~alfw (PGP)
-----------------------------------------------------------------------