[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

kadmin ACL question

In AFS a user can do a a kas examine to look at his own principal. 
In particular he can see what his password expiration time is.

It would appear that the equivalent Kerberos 5 command is kadmin get. 
Is there an ACL entry that would match all principals with null 
instances (ordinary users) and allow them to do a get operation, but 
only on themselves, not anyone else?

Is the answer to the above perchance different for MIT?
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu