From a8b62e799cdc4841a113ad0ee9ed0907c4de91fa Mon Sep 17 00:00:00 2001 From: Ryan Haggerty Date: Mon, 14 Nov 2005 20:07:26 +0000 Subject: [PATCH] more config files and updates. --- testing/kerberos/README | 6 +++--- testing/kerberos/denial_notes | 9 +++++++++ testing/kerberos/kadm5.acl | 1 + 3 files changed, 13 insertions(+), 3 deletions(-) create mode 100644 testing/kerberos/denial_notes create mode 100644 testing/kerberos/kadm5.acl diff --git a/testing/kerberos/README b/testing/kerberos/README index f82d0c42..c17371dc 100644 --- a/testing/kerberos/README +++ b/testing/kerberos/README @@ -3,11 +3,9 @@ install server and if the libs are not installed yum install krb5-libs -set a hostname - hostname noplace.org - copy krb5.conf to /etc/ copy kdc.conf to /var/kerberos/krb5kdc +copy kadm5.acl to /var/kerberos/krb5kdc/ init the database and admin principals. kdb5_util create -s @@ -16,8 +14,10 @@ add an admin principal while running kadmin.local enter addprinc master/admin +turn off iptables start the service with init scripts /etc/rc.d/init.d/krb5kdc start /etc/rc.d/init.d/kadmin start test it out kinit master/admin + kadmin diff --git a/testing/kerberos/denial_notes b/testing/kerberos/denial_notes new file mode 100644 index 00000000..503c680b --- /dev/null +++ b/testing/kerberos/denial_notes @@ -0,0 +1,9 @@ +kerberos seems to have basic functionality. some denials occur but do not seem to effect what +was tested so far +/etc/init.d/krb5kdc start + allow krb5kdc_t krb5_conf_t:file write; + allow krb5kdc_t krb5kdc_conf_t:file write; + allow krb5kdc_t proc_net_t:dir read; +/etc/init.d/kadmin start + allow kadmind_t krb5_conf_t:file write; + allow kadmind_t krb5kdc_conf_t:file write; diff --git a/testing/kerberos/kadm5.acl b/testing/kerberos/kadm5.acl new file mode 100644 index 00000000..9152d3dc --- /dev/null +++ b/testing/kerberos/kadm5.acl @@ -0,0 +1 @@ +*/admin@NOPLACE.ORG *