The following entry in the kadm5.acl file gives any principal in the EXAMPLE.COM realm with the admin instance all the privileges on the Kerberos database.
*/admin@EXAMPLE.COM * |
The following entry in the kadm5.acl file gives the jdb@EXAMPLE.COM principal the privilege to add, list, and inquire about any principal that has the root instance.
jdb@EXAMPLE.COM ali */root@EXAMPLE.COM |