
Kerberos FAQ, v2.0 (last modified 8/18/2000)
Section - 2.25 What is the kadm5.acl file?

From: Dan E. Anderson <anderson@computer.org>

     The kadm5.acl (access control list) file resides on the KDC host
     and controls access to the Kerberos database. The location of the
     kadm5.acl is specified in the kdc.conf file for each realm under
     the [realms] stanza:

     [realms]
             FOOBAR.ORG = {
                   acl_file = /var/krb5kdc/kadm5.acl
             }

     The ACL format is documented in the "Kerberos V5 Installation
     Guide". Each entry contains a principal name (which may include
     "*" as a wildcard) and the access permissions ("*" for
     everything), followed by an optional principal the ACL applies
     to (if omitted, it applies to all principals). For example:

     */admin@FOOBAR.ORG      *

     This allows all admin principals all access (adding, deleting,
     and modifying principals). The following allows only adding,
     listing, and inquiring about principals for principal fred/admin:

     fred/admin@FOOBAR.ORG   ali

     Of course, Fred must use the fred/admin principal to access the
     Kerberos database (with kadmin).
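
An added example, not part of the original FAQ or of MIT Kerberos: a small Python auditor that parses kadm5.acl entries in the format described above, reports what an admin principal may do to a target, and flags wildcard entries that carry write access. The d, m and c letters, first-match ordering and component-wise "*" matching are assumptions taken from the MIT kadm5.acl documentation rather than from this page, and all function names are hypothetical.

```python
# Permission letters a, l, i are on the page; d, m, c come from the MIT
# kadm5.acl documentation. An uppercase letter denies that operation.
PERMS = {"a": "add", "d": "delete", "m": "modify",
         "c": "changepw", "i": "inquire", "l": "list"}

def parse_acl(text):
    """Parse kadm5.acl text into (principal, allowed_ops, target) tuples."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 2:
            raise ValueError(f"malformed ACL line: {raw!r}")
        principal, perms = fields[0], fields[1]
        target = fields[2] if len(fields) > 2 else None  # None = all principals
        if perms == "*":
            allowed = set(PERMS.values())
        else:
            unknown = set(perms.lower()) - set(PERMS)
            if unknown:
                raise ValueError(f"unhandled letters {sorted(unknown)}: {raw!r}")
            allowed = {PERMS[ch] for ch in perms if ch.islower()}
        entries.append((principal, allowed, target))
    return entries

def _match(pattern, name):
    """Assumed matching: same realm, same component count, '*' = any component."""
    p_name, _, p_realm = pattern.partition("@")
    n_name, _, n_realm = name.partition("@")
    p_parts, n_parts = p_name.split("/"), n_name.split("/")
    return (p_realm == n_realm and len(p_parts) == len(n_parts)
            and all(p in ("*", n) for p, n in zip(p_parts, n_parts)))

def allowed_ops(entries, principal, target):
    """Operations granted by the first matching entry (first match wins)."""
    for acl_princ, ops, acl_target in entries:
        if _match(acl_princ, principal) and (
                acl_target is None or _match(acl_target, target)):
            return ops
    return set()

def broad_grants(entries):
    """Wildcard principals with write access to every principal in the database."""
    write = {"add", "delete", "modify", "changepw"}
    return [p for p, ops, t in entries if "*" in p and t is None and ops & write]

# Constructed sample: the FAQ's two entries, most specific first.
SAMPLE_ACL = "fred/admin@FOOBAR.ORG ali\n*/admin@FOOBAR.ORG *\n"
```

Under the first-match assumption, listing the wildcard entry before the fred/admin entry would give fred/admin full access, so entry order is worth checking when reviewing this file.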

Send corrections/additions to the FAQ Maintainer:
Ken Hornstein <kenh@cmf.nrl.navy.mil>





Last Update March 27 2014 @ 02:11 PM