Provided by: krb5-wallet-server_1.7_all bug

NAME
       Wallet::ACL::NetDB::Root - Wallet ACL verifier for NetDB roles (root instances)


SYNOPSIS
           my $verifier = Wallet::ACL::NetDB::Root->new;
           my $status = $verifier->check ($principal, $node);
           if (not defined $status) {
               die "Something failed: ", $verifier->error, "\n";
           } elsif ($status) {
               print "Access granted\n";
           } else {
               print "Access denied\n";
           }


DESCRIPTION
       Wallet::ACL::NetDB::Root works identically to Wallet::ACL::NetDB except that it requires the principal to
       be a root instance (in other words, to be in the form <principal>/root@<realm>) and strips the "/root"
       portion from the principal before checking against NetDB roles.  As with the base NetDB ACL verifier, the
       value of a "netdb-root" ACL is a node, and the ACL grants access to a given principal if and only if the
       that principal (with "/root" stripped) has one of the roles user, admin, or team for that node.

       To use this object, the same configuration parameters must be set as for Wallet::ACL::NetDB.  See
       Wallet::Config(3) for details on those configuration parameters and information about how to set wallet
       configuration.


METHODS
       check(PRINCIPAL, ACL)
           Returns  true  if  PRINCIPAL  is granted access according to ACL, false if not, and undef on an error
           (see "DIAGNOSTICS" below).  ACL is a node, and PRINCIPAL will be granted access if it has an instance
           of "root" and if (with "/root" stripped off and the realm stripped off if configured) has  the  user,
           admin, or team role for that node.


DIAGNOSTICS
       Same as for Wallet::ACL::NetDB.


CAVEATS
       The instance to strip is not currently configurable.

       The  list  of  possible NetDB roles that should be considered sufficient to grant access is not currently
       configurable.


SEE ALSO
       Net::Remctl(3),   Wallet::ACL(3),   Wallet::ACL::Base(3),    Wallet::ACL::NetDB(3),    Wallet::Config(3),
       wallet-backend(8)

       NetDB  is  a  free  software  system  for  managing  DNS, DHCP, and related machine information for large
       organizations.  For more information on NetDB, see <https://web.stanford.edu/group/networking/netdb/>.

       This  module   is   part   of   the   wallet   system.    The   current   version   is   available   from
       <https://www.eyrie.org/~eagle/software/wallet/>.


AUTHOR
       Russ Allbery <eagle@eyrie.org>

perl v5.40.0                                       2024-11-12                      Wallet::ACL::NetDB::Root(3pm)