diff options
author | Tom Barrett <tom@tombarrett.xyz> | 2020-02-14 07:50:37 -0600 |
---|---|---|
committer | Tom Barrett <tom@tombarrett.xyz> | 2020-02-14 07:50:37 -0600 |
commit | f76e2522464f2ddeb16aa01c9487b36e6aa70a94 (patch) | |
tree | 9b82f261d49743faf721363a7ec72ad572709a99 /configs/kerberos | |
parent | 8ca998d9c27188e491761c3b99a222e842d6e44e (diff) |
adding admin users
Diffstat (limited to 'configs/kerberos')
-rw-r--r-- | configs/kerberos/kadm5.acl | 6 | ||||
-rw-r--r-- | configs/kerberos/krb5.conf | 10 |
2 files changed, 7 insertions, 9 deletions
diff --git a/configs/kerberos/kadm5.acl b/configs/kerberos/kadm5.acl new file mode 100644 index 0000000..76df603 --- /dev/null +++ b/configs/kerberos/kadm5.acl @@ -0,0 +1,6 @@ +# This file Is the access control list for krb5 administration. +# When this file is edited run service krb5-admin-server restart to activate +# One common way to set up Kerberos administration is to allow any principal +# ending in /admin is given full administrative rights. +# To enable this, uncomment the following line: +*/admin * diff --git a/configs/kerberos/krb5.conf b/configs/kerberos/krb5.conf index 61f51c1..c78717b 100644 --- a/configs/kerberos/krb5.conf +++ b/configs/kerberos/krb5.conf @@ -1,19 +1,11 @@ [libdefaults] default_realm = HADES.HR - # The following krb5.conf variables are only for MIT Kerberos. - kdc_timesync = 1 - ccache_type = 4 - forwardable = true - proxiable = true - - # The following libdefaults parameters are only for Heimdal Kerberos. - fcc-mit-ticketflags = true - [realms] HADES.HR = { kdc = krb.hades.hr admin_server = krb.hades.hr + default_domain = hades.hr } [domain_realm] |