Hi all,

I am working on setting up wallet in our environment and for the most part have been pleased that it suits our needs well.

First, a bit of background on our setup. We have two host keytabs per system to handle hosts changing hostname without in-person intervention. When the system is loaded initially, we require a user to authenticate to generate and deploy a machine keytab. The master keytab then has permissions to get the FQDN keytab as necessary.

We would like to restrict certain ACLs to only reload certain hosts. I have a local patch to allow ldap-group ACLs. An example of what I'd like to set up is to have members of the group foo-reloaders only be able to autocreate ACLs for hosts with FQDN matching ^bar*.engin.umich.edu.

Is there an easy way to do this with wallet as is? Or how much work would it be to implement something like this?

Thanks,
Ross Smith <[email protected]>
College of Engineering - CAEN - Unix and Linux Support
