Provide a descriptive summary of the issue.
- The config file includes option should provide an ability to
exclude all wildcard patterns in sub config files.
- This would allow admins in a federated environment to delegate
access to a sub config file with the confidence that
administrators of those config files would not be able to put *
or other wildcard patterns in their config lines. Instead, they
would have to limit their config files to the use of specifically
named DNS hosts, IP addresses, or certificate CNs.
- Steps to reproduce
In numbered format, detail the exact steps taken to produce the
- Expected results
Describe what you expected to happen when you executed the steps
- Disallowing the use of all wildcard patterns in sub config files
would allow a greater degree of trustworthiness in federated
- Disallowing wildcard patterns should apply to the listed
subconfig file and any of its children.
- Actual results
Please explain what actually occurred when steps above are
- The proposed config file feature offers the option of limiting
the scope of clients controlled by included config files.
However, this provides limited utility for those without a
tightly controlled DNS, IP, or CN space.
Describe circumstances where the problem occurs or does not
occur, such as software versions and/or hardware configurations.
Provide additional information, such as references to related
problems, workarounds and relevant attachments.
- While this would not solve every problem presented by Radmind in
a federated environment, it would lessen the need to set up
multiple server (processes) with different master config files in
order to support federation at all.
- System configuration
Include the current system configuration of each computer that
experienced the problem.