Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Make the example and documentation a closer match to reality. In particular, the list permission is all-or-nothing; it is not restricted in scope by the target_principal field. Change the table entry to try and indicate this fact, and do not put list permissions on any example line that is scoped by a target_principal pattern. While here, remove the nonsensical granting of global inquire permissions to */* (inaccurately described as "all principals"), and the granting of privileges to foreign-realm principals. It is not possible to obtain an initial ticket (as required by the kadmin service) for a principal in a different realm, and the current kadmind implementation can serve only a single realm at a time -- this permission literally has no effect. Replace it with a (presumably automated) "Service Management System" example, where it might make sense to limit the principals which are automatically created. ticket: 7939
- Loading branch information