[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Cool, Thanks!

To: heimdal-discuss@sics.se, "Henry B. Hotz" <hotz@jpl.nasa.gov>
Subject: Re: Cool, Thanks!
From: Love Hörnquist Åstrand <lha@kth.se>
Date: Fri, 31 Aug 2007 16:28:19 +0200
Cc: Alan Stepakoff <astep@jpl.nasa.gov>
In-Reply-To: <50900C0B-4278-4D24-A043-256CA539FC20@jpl.nasa.gov>
List-Archive: <http://list.sics.se/sympa/arc/heimdal-discuss>
List-Help: <mailto:sympa@sics.se?subject=help>
List-Id: <heimdal-discuss.sics.se>
List-Owner: <mailto:heimdal-discuss-request@sics.se>
List-Post: <mailto:heimdal-discuss@sics.se>
List-Subscribe: <mailto:sympa@sics.se?subject=subscribe%20heimdal-discuss>
List-Unsubscribe: <mailto:sympa@sics.se?subject=unsubscribe%20heimdal-discuss>
References: <50900C0B-4278-4D24-A043-256CA539FC20@jpl.nasa.gov>
Reply-To: heimdal-discuss@sics.se, Love Hörnquist Åstrand <lha@kth.se>


30 aug 2007 kl. 02.42 skrev Henry B. Hotz:

> I'm assuming this is an admin interface to the ACL entry in the  
> datbase so you can define an arbitrary mapping between X509  
> certificate DN's and principal names

Yes, using:

kadmin modify --pkinit-acl="CN=baz,DC=test,DC=h5l,DC=se" foo@REALM

You can have mutiple --pkinit-acl entries in the same command,  
however since I'm lazy, its a set-operation, not a modify. so it will  
reset the list to that you set in the last command.

Love

References:
- Cool, Thanks!
  - From: "Henry B. Hotz" <hotz@jpl.nasa.gov>

Prev by Date: Heimdal credentials: destroyed or expired?
Prev by thread: Cool, Thanks!
Next by thread: Hi
Index(es):
- Date
- Thread