On 06/09/2014 03:11 PM, Jorj Bauer wrote: > src/kadmin/server/server_stubs.c has an oversight in the handling of ACL_LIST > which prevents ACLs like this from functioning:
I think that is deliberate, not an oversight. The argument to get_princs is a pattern, not a principal name; parsing it as a principal name and matching it against the ACL target pattern would have fuzzy semantics at best. I do see that our documentation uses list permissions in an example with a target principal, which is deceptive. We should be explicit that list permission is all or nothing. I will file an issue. ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos