Layer: contrib

Module: kerberos

Tunables Interfaces Templates

Description:

This policy supports:

Servers:

Clients:

Tunables:

kerberos_enabled
Default value

false

Description

Allow confined applications to run with kerberos.

Return

Interfaces:

kerberos_admin( domain , role )
Summary

All of the rules required to administrate an kerberos environment

Parameters
Parameter:Description:
domain

Domain allowed access.

role

The role to be allowed to manage the kerberos domain.

kerberos_domtrans_kpropd( domain )
Summary

Execute a domain transition to run kpropd.

Parameters
Parameter:Description:
domain

Domain allowed to transition.

kerberos_dontaudit_write_config( domain )
Summary

Do not audit attempts to write the kerberos configuration file (/etc/krb5.conf).

Parameters
Parameter:Description:
domain

Domain to not audit.

kerberos_etc_filetrans_keytab( domain , name )
Summary

Create keytab file in /etc

Parameters
Parameter:Description:
domain

Domain allowed access.

name

The name of the object being created.

kerberos_exec_kadmind( domain )
Summary

Execute kadmind in the current domain

Parameters
Parameter:Description:
domain

Domain allowed access.

kerberos_filetrans_admin_home_content( domain )
Summary

create kerberos content in the in the /root directory with an correct label.

Parameters
Parameter:Description:
domain

Domain allowed access.

kerberos_filetrans_home_content( domain )
Summary

Transition to kerberos named content

Parameters
Parameter:Description:
domain

Domain allowed access.

kerberos_filetrans_named_content( domain )
Summary

Transition to kerberos named content

Parameters
Parameter:Description:
domain

Domain allowed access.

kerberos_manage_host_rcache( domain )
Summary

Read the kerberos kdc configuration file (/etc/krb5kdc.conf).

Parameters
Parameter:Description:
domain

Domain allowed access.

kerberos_manage_kdc_var_lib( domain )
Summary

Manage the kerberos kdc /var/lib files and directories.

Parameters
Parameter:Description:
domain

Domain allowed access.

kerberos_read_config( domain )
Summary

Read the kerberos configuration file (/etc/krb5.conf).

Parameters
Parameter:Description:
domain

Domain allowed access.

kerberos_read_home_content( domain )
Summary

read kerberos homedir content (.k5login)

Parameters
Parameter:Description:
domain

Domain allowed access.

kerberos_read_host_rcache( domain )
Summary

Read the kerberos kdc configuration file (/etc/krb5kdc.conf).

Parameters
Parameter:Description:
domain

Domain allowed access.

kerberos_read_kdc_config( domain )
Summary

Read the kerberos kdc configuration file (/etc/krb5kdc.conf).

Parameters
Parameter:Description:
domain

Domain allowed access.

kerberos_read_keytab( domain )
Summary

Read the kerberos key table.

Parameters
Parameter:Description:
domain

Domain allowed access.

kerberos_rw_config( domain )
Summary

Read and write the kerberos configuration file (/etc/krb5.conf).

Parameters
Parameter:Description:
domain

Domain allowed access.

kerberos_rw_keytab( domain )
Summary

Read/Write the kerberos key table.

Parameters
Parameter:Description:
domain

Domain allowed access.

kerberos_tmp_filetrans_host_rcache( domain , name )
Summary

Type transition files created in /tmp to the krb5_host_rcache type.

Parameters
Parameter:Description:
domain

Domain allowed access.

name

The name of the object being created.

kerberos_tmp_filetrans_kadmin( domain , name )
Summary

Type transition files created in /tmp to the kadmind_tmp type.

Parameters
Parameter:Description:
domain

Domain allowed access.

name

The name of the object being created.

kerberos_use( domain )
Summary

Use kerberos services

Parameters
Parameter:Description:
domain

Domain allowed access.

Return

Templates:

kerberos_keytab_template( prefix , domain )
Summary

Create a derived type for kerberos keytab

Parameters
Parameter:Description:
prefix

The prefix to be used for deriving type names.

domain

Domain allowed access.

Return