selinux-refpolicy/man/man8/kerberos_selinux.8
2007-02-16 23:01:42 +00:00

36 lines
1.2 KiB
Groff

.TH "kerberos_selinux" "8" "17 Jan 2005" "dwalsh@redhat.com" "kerberos Selinux Policy documentation"
.de EX
.nf
.ft CW
..
.de EE
.ft R
.fi
..
.SH "NAME"
kerberos_selinux \- Security Enhanced Linux Policy for Kerberos.
.SH "DESCRIPTION"
Security-Enhanced Linux secures the system via flexible mandatory access
control. By default Kerberos access is not allowed, since it requires daemons to be allowed greater access to certain secure files and addtional access to the network.
.SH BOOLEANS
.PP
You must set the allow_kerberos boolean to allow your system to work properly in a Kerberos environment.
.EX
setsebool -P allow_kerberos 1
.EE
If you are running Kerberos daemons kadmind or krb5kdc you can disable the SELinux protection on these daemons by setting the krb5kdc_disable_trans and kadmind_disable_trans booleans.
.EX
setsebool -P krb5kdc_disable_trans 1
service krb5kdc restart
setsebool -P kadmind_disable_trans booleans 1
service kadmind restart
.EE
.PP
system-config-securitylevel is a GUI tool available to customize SELinux policy settings.
.SH AUTHOR
This manual page was written by Dan Walsh <dwalsh@redhat.com>.
.SH "SEE ALSO"
selinux(8), kerberos(1), chcon(1), setsebool(8)