[selinux-policy: 967/3172] more config files and updates.
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 20:28:35 UTC 2010
commit a8b62e799cdc4841a113ad0ee9ed0907c4de91fa
Author: Ryan Haggerty <rhaggerty at tresys.com>
Date: Mon Nov 14 20:07:26 2005 +0000
more config files and updates.
testing/kerberos/README | 6 +++---
testing/kerberos/denial_notes | 9 +++++++++
testing/kerberos/kadm5.acl | 1 +
3 files changed, 13 insertions(+), 3 deletions(-)
---
diff --git a/testing/kerberos/README b/testing/kerberos/README
index f82d0c4..c17371d 100644
--- a/testing/kerberos/README
+++ b/testing/kerberos/README
@@ -3,11 +3,9 @@ install server
and if the libs are not installed
yum install krb5-libs
-set a hostname
- hostname noplace.org
-
copy krb5.conf to /etc/
copy kdc.conf to /var/kerberos/krb5kdc
+copy kadm5.acl to /var/kerberos/krb5kdc/
init the database and admin principals.
kdb5_util create -s
@@ -16,8 +14,10 @@ add an admin principal
while running kadmin.local enter
addprinc master/admin
+turn off iptables
start the service with init scripts
/etc/rc.d/init.d/krb5kdc start
/etc/rc.d/init.d/kadmin start
test it out
kinit master/admin
+ kadmin
diff --git a/testing/kerberos/denial_notes b/testing/kerberos/denial_notes
new file mode 100644
index 0000000..503c680
--- /dev/null
+++ b/testing/kerberos/denial_notes
@@ -0,0 +1,9 @@
+kerberos seems to have basic functionality. some denials occur but do not seem to effect what
+was tested so far
+/etc/init.d/krb5kdc start
+ allow krb5kdc_t krb5_conf_t:file write;
+ allow krb5kdc_t krb5kdc_conf_t:file write;
+ allow krb5kdc_t proc_net_t:dir read;
+/etc/init.d/kadmin start
+ allow kadmind_t krb5_conf_t:file write;
+ allow kadmind_t krb5kdc_conf_t:file write;
diff --git a/testing/kerberos/kadm5.acl b/testing/kerberos/kadm5.acl
new file mode 100644
index 0000000..9152d3d
--- /dev/null
+++ b/testing/kerberos/kadm5.acl
@@ -0,0 +1 @@
+*/admin at NOPLACE.ORG *
More information about the scm-commits
mailing list