Kerberos (MIT) ACL correct?
Hey guys.
I'm having a problem with some ACL experiments in Kerberos. According to description in the book "Kerberos: The Definitive Guide", an access list like this: joe/admin@REALM * mike/admin@REALM * mike/admin@REALM ADMICL */admin@REALM would forbidd mike/admin principal to do any actions on */admin principals. However, on my installation, with the rules set as above, mike/admin is still able to perform anything. He can create / delete */admin principals with no restrictions whatsoever. I restarted kadmin daemon several times after applying the rules just to make sure it gets them properly. Still, no effect. What's the deal? Thanks in advance |
All times are GMT -5. The time now is 08:21 AM. |