Re: kadmin ignoring target column ?

2020-01-13 Thread Laura Smith
Kenny, Sounds like a cunning plan! Will go experiment. Thanks Laura ‐‐‐ Original Message ‐‐‐ On Monday, January 13, 2020 5:23 PM, Kenneth MacDonald wrote: > Laura, > > If you can change the name of the principal Salt is using, then your > authorisation rules would not require one to

Re: kadmin ignoring target column ?

2020-01-13 Thread Kenneth MacDonald
Laura, If you can change the name of the principal Salt is using, then your authorisation rules would not require one to deny it any other permissions. The "admin" word isn't required to grant admin type permissions. For example if you changed it to "saltstack/salt.admin" you'd only require, sa

Re: kadmin ignoring target column ?

2020-01-13 Thread Laura Smith
‐‐‐ Original Message ‐‐‐ On Monday, January 13, 2020 4:19 PM, Greg Hudson wrote: > On 1/13/20 3:44 AM, Laura Smith wrote: > > > Am aware of the list ordering requirement, and to that extent the ACL entry > > in question was quite deliberately placed at the top. > > kadmind will continue

Re: kadmin ignoring target column ?

2020-01-13 Thread Greg Hudson
On 1/13/20 3:44 AM, Laura Smith wrote: > Am aware of the list ordering requirement, and to that extent the ACL entry > in question was quite deliberately placed at the top. kadmind will continue on if the operation's target doesn't match the entry's target. So if you have a later entry for, say,

Re: kadmin ignoring target column ?

2020-01-13 Thread Laura Smith
Sent with ProtonMail Secure Email. ‐‐‐ Original Message ‐‐‐ On Sunday, January 12, 2020 10:48 PM, Greg Hudson wrote: > On 1/12/20 2:01 PM, Laura Smith wrote: > > Since all of the permission bits are in uppercase, that line should > grant no permissions to saltstack/admin. When I test

Re: kadmin ignoring target column ?

2020-01-12 Thread Greg Hudson
On 1/12/20 2:01 PM, Laura Smith wrote: > I am trying to create a suitably restricted user for use with configuration > automation (SaltStack). My line looks like the following: > > saltstack/ad...@example.com ADMCIL nfs/*@EXAMPLE.COM The man page says: If the character is *upper-case*, t

Re: kadmin ignoring target column ?

2020-01-12 Thread Laura Smith
Sent with ProtonMail Secure Email. ‐‐‐ Original Message ‐‐‐ On Sunday, January 12, 2020 7:17 PM, Russ Allbery wrote: > Laura Smith n5d9xq3ti233xiyif...@protonmail.ch writes: > > > I am trying to create a suitably restricted user for use with > > configuration automation (SaltStack).

Re: kadmin ignoring target column ?

2020-01-12 Thread Russ Allbery
Laura Smith writes: > I am trying to create a suitably restricted user for use with > configuration automation (SaltStack). My line looks like the following: > saltstack/ad...@example.com ADMCIL nfs/*@EXAMPLE.COM > I have edited kadm5.acl and restarted kadmind, however list_princs > returns a

kadmin ignoring target column ?

2020-01-12 Thread Laura Smith
Hi, I am trying to create a suitably restricted user for use with configuration automation (SaltStack). My line looks like the following: saltstack/ad...@example.com ADMCIL nfs/*@EXAMPLE.COM I have edited kadm5.acl and restarted kadmind, however list_princs returns a list of all principals,