Skip Menu |

Subject: git commit

Parse all kadm5.acl fields at startup

Parse the client principal name, target principal name, and
restrictions field of kadm5.acl entries when the file is loaded, not
later on when an attempt is made to match the entry.

This change affects the error-handling behavior of kadm5.acl files.
Previously, a syntax error in the line structure (such as having only
one field) would cause the whole file to be rejected, but an error
within a principal name or restrictions string would cause only that
entry to be discarded. After this change, any parsing failure will
cause the whole file to be rejected.
Author: Greg Hudson <>
Commit: 83d47cda7412c3b41a2da4da14e6162a0e9f2630
Branch: master
src/kadmin/server/auth_acl.c | 91 +++++++++++++----------------------------
1 files changed, 29 insertions(+), 62 deletions(-)