[selinux-policy: 967/3172] more config files and updates.

[Daniel J Walsh]

commit a8b62e799cdc4841a113ad0ee9ed0907c4de91fa
Author: Ryan Haggerty <rhaggerty at tresys.com>
Date:   Mon Nov 14 20:07:26 2005 +0000

    more config files and updates.

 testing/kerberos/README       |    6 +++---
 testing/kerberos/denial_notes |    9 +++++++++
 testing/kerberos/kadm5.acl    |    1 +
 3 files changed, 13 insertions(+), 3 deletions(-)
---
diff --git a/testing/kerberos/README b/testing/kerberos/README
index f82d0c4..c17371d 100644
--- a/testing/kerberos/README
+++ b/testing/kerberos/README
@@ -3,11 +3,9 @@ install server
 and if the libs are not installed
 	yum install krb5-libs
 
-set a hostname
-	hostname noplace.org
-
 copy krb5.conf to /etc/
 copy kdc.conf to /var/kerberos/krb5kdc
+copy kadm5.acl to /var/kerberos/krb5kdc/
 
 init the database and admin principals.
 	kdb5_util create -s
@@ -16,8 +14,10 @@ add an admin principal
 while running kadmin.local enter
 	addprinc master/admin
 
+turn off iptables
 start the service with init scripts
 	/etc/rc.d/init.d/krb5kdc start
 	/etc/rc.d/init.d/kadmin start
 test it out
 	kinit master/admin
+	kadmin
diff --git a/testing/kerberos/denial_notes b/testing/kerberos/denial_notes
new file mode 100644
index 0000000..503c680
--- /dev/null
+++ b/testing/kerberos/denial_notes
@@ -0,0 +1,9 @@
+kerberos seems to have basic functionality. some denials occur but do not seem to effect what
+was tested so far
+/etc/init.d/krb5kdc start
+	allow krb5kdc_t krb5_conf_t:file write;
+	allow krb5kdc_t krb5kdc_conf_t:file write;
+	allow krb5kdc_t proc_net_t:dir read;
+/etc/init.d/kadmin start
+	allow kadmind_t krb5_conf_t:file write;
+	allow kadmind_t krb5kdc_conf_t:file write;
diff --git a/testing/kerberos/kadm5.acl b/testing/kerberos/kadm5.acl
new file mode 100644
index 0000000..9152d3d
--- /dev/null
+++ b/testing/kerberos/kadm5.acl
@@ -0,0 +1 @@
+*/admin at NOPLACE.ORG	*