From f76e2522464f2ddeb16aa01c9487b36e6aa70a94 Mon Sep 17 00:00:00 2001 From: Tom Barrett Date: Fri, 14 Feb 2020 07:50:37 -0600 Subject: adding admin users --- configs/kerberos/kadm5.acl | 6 ++++++ configs/kerberos/krb5.conf | 10 +--------- 2 files changed, 7 insertions(+), 9 deletions(-) create mode 100644 configs/kerberos/kadm5.acl (limited to 'configs') diff --git a/configs/kerberos/kadm5.acl b/configs/kerberos/kadm5.acl new file mode 100644 index 0000000..76df603 --- /dev/null +++ b/configs/kerberos/kadm5.acl @@ -0,0 +1,6 @@ +# This file Is the access control list for krb5 administration. +# When this file is edited run service krb5-admin-server restart to activate +# One common way to set up Kerberos administration is to allow any principal +# ending in /admin is given full administrative rights. +# To enable this, uncomment the following line: +*/admin * diff --git a/configs/kerberos/krb5.conf b/configs/kerberos/krb5.conf index 61f51c1..c78717b 100644 --- a/configs/kerberos/krb5.conf +++ b/configs/kerberos/krb5.conf @@ -1,19 +1,11 @@ [libdefaults] default_realm = HADES.HR - # The following krb5.conf variables are only for MIT Kerberos. - kdc_timesync = 1 - ccache_type = 4 - forwardable = true - proxiable = true - - # The following libdefaults parameters are only for Heimdal Kerberos. - fcc-mit-ticketflags = true - [realms] HADES.HR = { kdc = krb.hades.hr admin_server = krb.hades.hr + default_domain = hades.hr } [domain_realm] -- cgit v1.2.3