diff --git a/testing/kerberos/README b/testing/kerberos/README
index f82d0c423..c17371dc4 100644
--- a/testing/kerberos/README
+++ b/testing/kerberos/README
@@ -3,11 +3,9 @@ install server and if the libs are not installed yum install krb5-libs -set a hostname - hostname noplace.org - copy krb5.conf to /etc/ copy kdc.conf to /var/kerberos/krb5kdc +copy kadm5.acl to /var/kerberos/krb5kdc/ init the database and admin principals. kdb5_util create -s
@@ -16,8 +14,10 @@ add an admin principal while running kadmin.local enter addprinc master/admin +turn off iptables start the service with init scripts /etc/rc.d/init.d/krb5kdc start /etc/rc.d/init.d/kadmin start test it out kinit master/admin + kadmin
diff --git a/testing/kerberos/denial_notes b/testing/kerberos/denial_notes
new file mode 100644
index 000000000..503c680b7
--- /dev/null
+++ b/testing/kerberos/denial_notes
@@ -0,0 +1,9 @@
+kerberos seems to have basic functionality. some denials occur but do not seem to effect what
+was tested so far
+/etc/init.d/krb5kdc start
+ allow krb5kdc_t krb5_conf_t:file write;
+ allow krb5kdc_t krb5kdc_conf_t:file write;
+ allow krb5kdc_t proc_net_t:dir read;
+/etc/init.d/kadmin start
+ allow kadmind_t krb5_conf_t:file write;
+ allow kadmind_t krb5kdc_conf_t:file write;
diff --git a/testing/kerberos/kadm5.acl b/testing/kerberos/kadm5.acl
new file mode 100644
index 000000000..9152d3dc5
--- /dev/null
+++ b/testing/kerberos/kadm5.acl
@@ -0,0 +1 @@
+*/admin@NOPLACE.ORG *
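Review bot: The single entry added in testing/kerberos/kadm5.acl, `*/admin@NOPLACE.ORG *`, gives every kadmin privilege to any principal with an `admin` instance, while the README in this same commit only creates `master/admin` and also tells the reader to turn off iptables before starting kadmind. For a throwaway test realm that may be intended, but nothing in the file marks it as test-only, so it is easy to copy into a real KDC unchanged. I would either narrow the entry to `master/admin@NOPLACE.ORG *` or put a comment line above it such as `# test realm only: grants all kadmin privileges to every */admin principal`.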