[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: kadmin acl file, and kpasswd cracklib..
This change appears to work fine. Could we get this included in the next
version of heimdal? (after someone else confirms correct behavior?)
On Tue, Jun 11, 2002 at 12:27:03PM +0200, Johan Danielsson wrote:
> Troy Benjegerdes <hozer@drgw.net> writes:
>
> > b) patches for Heimdal kadmind to support something like the following
> > in kadmind.acl:
> >
> >
> > */admin all *@FOO.COM
>
> You can't have wildcarded admins now, but it should be simple to do:
>
> --- acl.c 2001/08/24 04:01:42 1.13
> +++ acl.c 2002/06/11 10:25:09
> @@ -103,7 +103,7 @@
> ret = krb5_parse_name(context->context, p, &this_princ);
> if(ret)
> break;
> - if(!krb5_principal_compare(context->context,
> + if(!krb5_principal_match(context->context,
> context->caller, this_princ)) {
> krb5_free_principal(context->context, this_princ);
> continue;
>
> Haven't tested, and haven't thought about any consequences.
>
> /Johan
>
--
Troy Benjegerdes | master of mispeeling | 'da hozer' | hozer@drgw.net
-----"If this message isn't misspelled, I didn't write it" -- Me -----
"Why do musicians compose symphonies and poets write poems? They do it
because life wouldn't have any meaning for them if they didn't. That's
why I draw cartoons. It's my life." -- Charles Schulz