Kerberos (MIT) ACL correct?
Hey guys.
I'm having a problem with some ACL experiments in Kerberos.
According to the description in the book "Kerberos: The Definitive Guide", an access list like this:
joe/admin@REALM *
mike/admin@REALM *
mike/admin@REALM ADMICL */admin@REALM
would forbid the mike/admin principal from doing any actions on */admin principals.
However, on my installation, with the rules set as above, mike/admin is still able to perform anything. He can create / delete */admin principals with no restrictions whatsoever. I restarted the kadmin daemon several times after applying the rules just to make sure it gets them properly. Still, no effect.
What's the deal? Thanks in advance