[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

kadmin ACL question

To: heimdal-discuss@sics.se
Subject: kadmin ACL question
From: "Henry B. Hotz" <hotz@jpl.nasa.gov>
Date: Thu, 2 Oct 2003 17:48:35 -0700
In-Reply-To: <p0521060fbba17072f45d@[137.78.212.225]>
References: <Pine.OSF.4.58.0309301648040.198353@lib-eth.natur.cuni.cz><Pine.OSF.4.51.0309301754480.115349@tao.natur.cuni.cz><amad8mceaa.fsf@nutcracker.stacken.kth.se><Pine.OSF.4.58.0310010701560.197780@lib-eth.natur.cuni.cz><Pine.OSF.4.51.0310010849500.271815@tao.natur.cuni.cz><p0521060fbba17072f45d@[137.78.212.225]>
Sender: owner-heimdal-discuss@sics.se

In AFS a user can do a a kas examine to look at his own principal. 
In particular he can see what his password expiration time is.

It would appear that the equivalent Kerberos 5 command is kadmin get. 
Is there an ACL entry that would match all principals with null 
instances (ordinary users) and allow them to do a get operation, but 
only on themselves, not anyone else?

Is the answer to the above perchance different for MIT?
-- 
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu

Follow-Ups:
- Re: kadmin ACL question
  - From: Love <lha@stacken.kth.se>

References:
- Re: need more explanation on krb4->krb5 conversion
  - From: David Komanek <xdavid@lib-eth.natur.cuni.cz>
- Re: need more explanation on krb4->krb5 conversion
  - From: Martin MOKREJŠ <mmokrejs@natur.cuni.cz>
- Re: need more explanation on krb4->krb5 conversion
  - From: "Henry B. Hotz" <hotz@jpl.nasa.gov>

Prev by Date: Re: need more explanation on krb4->krb5 conversion
Next by Date: Re: kadmin ACL question
Prev by thread: Re: need more explanation on krb4->krb5 conversion
Next by thread: Re: kadmin ACL question
Index(es):
- Date
- Thread