[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Cool, Thanks!

30 aug 2007 kl. 02.42 skrev Henry B. Hotz:

> I'm assuming this is an admin interface to the ACL entry in the  
> datbase so you can define an arbitrary mapping between X509  
> certificate DN's and principal names

Yes, using:

kadmin modify --pkinit-acl="CN=baz,DC=test,DC=h5l,DC=se" foo@REALM

You can have mutiple --pkinit-acl entries in the same command,  
however since I'm lazy, its a set-operation, not a modify. so it will  
reset the list to that you set in the last command.