This policy supports:
Servers:
kadmind
krb5kdc
Clients:
kinit
kdestroy
klist
ksu (incomplete)
Connect to krb524 service
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
All of the rules required to administrate an kerberos environment
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
role |
The role to be allowed to manage the kerberos domain. | No |
terminal |
The type of the user terminal. | No |
Execute a domain transition to run kpropd.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed to transition. | No |
Do not audit attempts to write the kerberos configuration file (/etc/krb5.conf).
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain to not audit. | No |
Read the kerberos kdc configuration file (/etc/krb5kdc.conf).
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Read the kerberos configuration file (/etc/krb5.conf).
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Read the kerberos kdc configuration file (/etc/krb5kdc.conf).
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Read the kerberos key table.
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Read and write the kerberos configuration file (/etc/krb5.conf).
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Use kerberos services
Parameter: | Description: | Optional: |
---|---|---|
domain |
Domain allowed access. | No |
Create a derived type for kerberos keytab
Parameter: | Description: | Optional: |
---|---|---|
prefix |
The prefix to be used for deriving type names. | No |
domain |
Domain allowed access. | No |