This policy supports:

- Servers:
  - kadmind
  - krb5kdc
- Clients:
  - kinit
  - kdestroy
  - klist
  - ksu (incomplete)
false
Allow confined applications to run with kerberos.
All of the rules required to administrate a kerberos environment.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
role | The role to be allowed to manage the kerberos domain. |
Execute a domain transition to run kpropd.
Parameter: | Description: |
---|---|
domain | Domain allowed to transition. |
Do not audit attempts to write the kerberos configuration file (/etc/krb5.conf).
Parameter: | Description: |
---|---|
domain | Domain to not audit. |
Create keytab file in /etc
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
name | The name of the object being created. |
Execute kadmind in the current domain
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Create kerberos content in the /root directory with a correct label.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Transition to kerberos named content
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Transition to kerberos named content
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Read the kerberos kdc configuration file (/etc/krb5kdc.conf).
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Manage the kerberos kdc /var/lib files and directories.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Read the kerberos configuration file (/etc/krb5.conf).
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Read kerberos homedir content (.k5login).
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Read the kerberos kdc configuration file (/etc/krb5kdc.conf).
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Read the kerberos kdc configuration file (/etc/krb5kdc.conf).
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Read the kerberos key table.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Read and write the kerberos configuration file (/etc/krb5.conf).
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Read/Write the kerberos key table.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Type transition files created in /tmp to the krb5_host_rcache type.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
name | The name of the object being created. |
Type transition files created in /tmp to the kadmind_tmp type.
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
name | The name of the object being created. |
Use kerberos services
Parameter: | Description: |
---|---|
domain | Domain allowed access. |
Create a derived type for kerberos keytab
Parameter: | Description: |
---|---|
prefix | The prefix to be used for deriving type names. |
domain | Domain allowed access. |