You're right, I've been reading a lot the MIT documentation because the Heimdal one is not very good. I made the wrong assumption that also the acl file syntax was the same, sorry. By the way, Heimdal is a pretty old project at this point in time but it doesn't seem to be very actively maintained. Is there a way to improve the documentation somehow? There are sections which are scarcely written and perhaps not even correct (like the incremental propagation one).
On Sun, 2018-08-05 at 18:15 -0400, Viktor Dukhovni wrote: > > On Aug 5, 2018, at 5:58 PM, ASV <a...@inhio.net> wrote: > > > > For example I'm changing the password of a...@bla.net and the > > principle > > IS in the acl file as: > > a...@bla.net c (or C which should deny it) > > You're reading the MIT Kerberos documentation for the kadmind.acl > file. In heimdal the syntax is different. See for example: > > https://manpages.debian.org/jessie/heimdal-kdc/kadmind.8.en.html >
