Subject: heimdal-kdc: The glob-patten in kadmind.acl doesn't work.
Date: Thu, 12 Jun 2008 18:36:53 +0200
Package: heimdal-kdc
Version: 1.1-3
Severity: important
If you set any glob-pattern in kadmind.acl and want to check it in kadmin with 'privs'
it always replies 'none' as result. I guess that it's a problem with the 022_ftp-roken-glob patch,
because an upstream guy told me that it must be a problem with the glob() function and this
seems to me the only patch which changes something with glob().
-- System Information:
Debian Release: lenny/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.24-1-686 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages heimdal-kdc depends on:
ii debconf [debconf-2.0] 1.5.21 Debian configuration management sy
ii heimdal-clients 1.1-3 Heimdal Kerberos - clients
ii krb5-config 1.18 Configuration files for Kerberos V
ii libasn1-8-heimdal 1.1-3 Heimdal Kerberos - ASN.1 library
ii libc6 2.7-10 GNU C Library: Shared libraries
ii libdb4.2 4.2.52+dfsg-4 Berkeley v4.2 Database Libraries [
ii libhdb9-heimdal 1.1-3 Heimdal Kerberos - kadmin server l
ii libkadm5srv8-heimdal 1.1-3 Libraries for Heimdal Kerberos
ii libkdc2-heimdal 1.1-3 Heimdal Kerberos - KDC support lib
ii libkrb5-24-heimdal 1.1-3 Heimdal Kerberos - libraries
ii libldap-2.4-2 2.4.7-6.3 OpenLDAP libraries
ii libroken18-heimdal 1.1-3 Heimdal Kerberos - roken support l
ii libssl0.9.8 0.9.8g-10 SSL shared libraries
ii logrotate 3.7.1-3 Log rotation utility
ii openbsd-inetd [inet-supers 0.20080125-1 The OpenBSD Internet Superserver
heimdal-kdc recommends no packages.
-- debconf information excluded
Subject: Re: Bug#485962: heimdal-kdc: The glob-patten in kadmind.acl doesn't
work.
Date: Mon, 16 Jun 2008 16:07:39 +1000
Stephan Jennewein wrote:
> If you set any glob-pattern in kadmind.acl and want to check it in kadmin with 'privs'
> it always replies 'none' as result. I guess that it's a problem with the 022_ftp-roken-glob patch,
> because an upstream guy told me that it must be a problem with the glob() function and this
> seems to me the only patch which changes something with glob().
>
No, 022_ftp-roken-glob, like the name implies, only affects ftp, not kadmin.
Your problem must lie elsewhere...
Brian May
Can you still reproduce this with current Heimdal? I am using globs
fine in kadmind.acl. If you can still reproduce it, can you add some
details on the kind of glob that is not working for you?
Thanks,
Jelmer
Package: heimdal-kdc
Version: 1.6~rc2+dfsg-8
Tags: jessie
I can confirm that there is at least some difficulty with glob patterns. I
can only get the proper privs when I type out the entire name of each
principal in the kadmind.acl file, like so:
host/[email protected] list,get,change-password
On the remote machine I can get:
$ kadmin -p host/hostname privs
host/[email protected]'s Password:
change-password, list, get
Any attempt at glob patterns fails me:
host/*@EXAMPLE.COM list,get,change-password
host/.*@EXAMPLE.COM list,get,change-password
host/hostname*@EXAMPLE.COM list,get,change-password
*/*@EXAMPLE.COM list,get,change-password
*@EXAMPLE.COM list,get,change-password
host/host*@EXAMPLE.COM list,get,change-password
All of the above example return 'none' when I issue the 'privs' command
from a remote machine.
Submitted bug report at the upstream GitHub project:
https://github.com/heimdal/heimdal/issues/617
On Thu, 13 Nov 2014 23:58:30 +0000 Linux Luser <[email protected]> wrote:
> Package: heimdal-kdc
> Version: 1.6~rc2+dfsg-8
> Tags: jessie
>
> I can confirm that there is at least some difficulty with glob patterns. I
> can only get the proper privs when I type out the entire name of each
> principal in the kadmind.acl file, like so:
>
> host/[email protected] list,get,change-password
>
> On the remote machine I can get:
>
> $ kadmin -p host/hostname privs
> host/[email protected]'s Password:
> change-password, list, get
>
> Any attempt at glob patterns fails me:
>
> host/*@EXAMPLE.COM list,get,change-password
> host/.*@EXAMPLE.COM list,get,change-password
> host/hostname*@EXAMPLE.COM list,get,change-password
> */*@EXAMPLE.COM list,get,change-password
> *@EXAMPLE.COM list,get,change-password
> host/host*@EXAMPLE.COM list,get,change-password
>
> All of the above example return 'none' when I issue the 'privs' command
> from a remote machine.
Submitted bug report at the upstream GitHub project:
https://github.com/heimdal/heimdal/issues/617
On Thu, 13 Nov 2014 23:58:30 +0000 Linux Luser <[email protected]> wrote:
> Package: heimdal-kdc
> Version: 1.6~rc2+dfsg-8
> Tags: jessie
>
> I can confirm that there is at least some difficulty with glob patterns. I
> can only get the proper privs when I type out the entire name of each
> principal in the kadmind.acl file, like so:
>
> host/[email protected] list,get,change-password
>
> On the remote machine I can get:
>
> $ kadmin -p host/hostname privs
> host/[email protected]'s Password:
> change-password, list, get
>
> Any attempt at glob patterns fails me:
>
> host/*@EXAMPLE.COM list,get,change-password
> host/.*@EXAMPLE.COM list,get,change-password
> host/hostname*@EXAMPLE.COM list,get,change-password
> */*@EXAMPLE.COM list,get,change-password
> *@EXAMPLE.COM list,get,change-password
> host/host*@EXAMPLE.COM list,get,change-password
>
> All of the above example return 'none' when I issue the 'privs' command
> from a remote machine.
Debbugs is free software and licensed under the terms of the GNU General
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.