## MIT Kerberos admin and KDC ## ##

## This policy supports: ##

##

## Servers: ##

##

##

## Clients: ##

##

##
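########################################
##
## Use kerberos services.
##
## Parameter 1 (domain): Domain allowed access.
##
## Without the allow_kerberos boolean the caller only gets getattr and
## read on krb5_conf_t files. With the boolean set, the caller may create
## its own TCP and UDP sockets, and the corenet calls below name all
## interfaces and all nodes (send and receive, including raw, plus bind)
## together with the kerberos port. Treat allow_kerberos as a wide
## network grant for every domain that calls this interface.
##
## Write attempts on krb5_conf_t are denied through dontaudit, so they
## leave no AVC record. Disable dontaudit rules when investigating
## unexpected modification attempts on the configuration file.
##
#
interface(`kerberos_use',`
	gen_require(`
		type krb5_conf_t;
		class file r_file_perms;
		class tcp_socket create_socket_perms;
		class udp_socket create_socket_perms;
	')

	files_search_etc($1)
	allow $1 krb5_conf_t:file { getattr read };
	# Denied silently: no audit record is produced for these writes.
	dontaudit $1 krb5_conf_t:file write;

	tunable_policy(`allow_kerberos',`
		allow $1 self:tcp_socket create_socket_perms;
		allow $1 self:udp_socket create_socket_perms;
		corenet_tcp_sendrecv_all_if($1)
		corenet_udp_sendrecv_all_if($1)
		corenet_raw_sendrecv_all_if($1)
		corenet_tcp_sendrecv_all_nodes($1)
		corenet_udp_sendrecv_all_nodes($1)
		corenet_raw_sendrecv_all_nodes($1)
		corenet_tcp_sendrecv_kerberos_port($1)
		corenet_udp_sendrecv_kerberos_port($1)
		corenet_tcp_bind_all_nodes($1)
		corenet_udp_bind_all_nodes($1)
		sysnet_read_config($1)
	')

	# DNS traffic is added only when both booleans are set.
	tunable_policy(`allow_kerberos && use_dns',`
		corenet_udp_sendrecv_dns_port($1)
	')
')

########################################
##
## Read the kerberos configuration file (/etc/krb5.conf).
##
## Parameter 1 (domain): Domain allowed access.
##
## The require block names the file class, matching the allow rule below
## and the require block in kerberos_use. It previously read "files",
## which is not the class the rule is written against.
##
#
interface(`kerberos_read_config',`
	gen_require(`
		type krb5_conf_t;
		class file r_file_perms;
	')

	files_search_etc($1)
	allow $1 krb5_conf_t:file r_file_perms;
')

########################################
##
## Read and write the kerberos configuration file (/etc/krb5.conf).
##
## Parameter 1 (domain): Domain allowed access.
##
## Grant sparingly. A domain with this access can change the
## configuration that other domains read through kerberos_use and
## kerberos_read_config. Prefer kerberos_read_config unless the caller
## really has to edit the file.
##
## The require block names the file class, matching the allow rule below
## and the require block in kerberos_use. It previously read "files".
##
#
interface(`kerberos_rw_config',`
	gen_require(`
		type krb5_conf_t;
		class file rw_file_perms;
	')

	files_search_etc($1)
	allow $1 krb5_conf_t:file rw_file_perms;
')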