Edit the Kerberos Admin Server ACL config
Edit the Kerberos Admin Server ACL config
In the kdc.conf we saw a value: acl_file = /var/lib/kerberos/krb5kdc/kadm5.acl. In this file we can define who has the right to read or change something in our kerberos database (we will create that database later). Detailed information about this ACL (access control list) are in the manpage of kadmind or the kerberos adminguide. To be simple we want to allow all admins to do all in our kerberos database. Edit the file to:
*/admin@REDFLO.DE *
This can be read as "allow all(=*) admins in the realm REDFLO.DE everything (=*). So where is here the username? Is admin a Unix group?
Created by system. Last Modification: Saturday 23 of July, 2005 12:37:40 UTC by admin.
Category: UNIX
-
wiki page:
- How to use Microsoft Active Directory with postfix
- inserting the first object in your ldap directory
- Installing the mailsystem packages
- Integrating LDAP in your unix system
- Introduction
- Kerberizing kadmin
- Kerberizing sshd
- Kerberos setup
- LDAP
- LDAP schema files
- logging
- Motivation
- nss_ldap security
- OpenLDAP config files
- Other documentation
- performing a first ldap query
- PerfParse
- populating the directory
- Postfix and cyrus imapd and kerberos and LDAP
- Setting up a kerberos client machine
- Setting up your Kerberos servers
- SIngle sign on (SSO) first try
- SSO and Central Administration with Kerberos and LDAP
- Start the kerberos servers
- The configuration files
- The name service switch
- Tweak pam
- Understanding Kerberos
- Understanding Kerberos pt. 2
- Webserver Stress Test Tools
- What is LDAP?
- What the heck is pam?
- What we need
- What we want
- Audience
- Authenticating
- Bash script with timeout function
- Check Processes
- Check your installation
- Choosing a Realm
- configure your mail client
- Configuring and understanding pam
- configuring cyrus imapd
- configuring postfix
- Connect to kadmind and have a look into the database
- Creating the kerberos database
- Edit the Kerberos Admin Server ACL config
- Edit the kerberos client config file
- Edit the kerberos server config file
- Excursus to principals
- exploring schemas
- Fight Image Spam
- Fight Spam best practice
- adding a group
- Adding principals and authenticating
- Another principal
- nss with Solaris 10
- SerialConsole
![[toggle]](javascript:icntoggle('mod-ApplicationMenul2','module.png'); "[toggle]"){kind=small}
Sidebar
Wiki
Image Galleries
Powered by TikiWiki CMS/Groupware |
Theme: Strasa
[ Execution time: 0.48 secs ] [ Memory usage: 7.23MB ] [ 92 database queries used in 0.0 secs ] [ Server load: 0.05 ]