On 07/08/2016 11:10 AM, Ramaiah, Vanna G. wrote: > We recently applied a password policy to a few users. How can I get a list of > all users that has policy applied?
kadmin doesn't have that kind of search capability. Starting in release 1.14, you can use "kdb5_util tabdump princ_meta" on the KDC, which displays the policy name in the fifth field. The fifth field can be empty, so you have to be a little careful in how you process the output with standard Unix tools, but the following will work: kdb5_util tabdump -H princ_meta | \ awk -F '\t' '$5 == "mypolname" {print $1}' ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos