Top Document: Kerberos FAQ, v2.0 (last modified 8/18/2000)
Previous Document: 2.24. Can I have multiple realms on a single KDC?
Next Document: 3. User and application questions
2.25 What is the kadm5.acl file?
From: Dan E. Anderson <anderson@computer.org>

The kadm5.acl (access control list) file resides on the KDC host and controls access to the Kerberos database. The location of the kadm5.acl is specified in the kdc.conf file for each realm under the [realms] stanza:

    [realms]
        FOOBAR.ORG = {
            acl_file = /var/krb5kdc/kadm5.acl
        }

The ACL format is documented in the "Kerberos V5 Installation Guide". It contains the principal names (including "*" as wildcards) and the access permissions ("*" for everything) followed by an optional principal the ACL applies to (if omitted, it applies to all principals). For example:

    */admin@FOOBAR.ORG  *

allows all admin principals all access (add, delete, modification of principals). The following just allows adding, listing, and inquiring of principals for principal fred/admin:

    fred/admin@FOOBAR.ORG  ali

Of course, Fred must use the fred/admin principal to access the Kerberos database (with kadmin).
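To review what a kadm5.acl actually grants, the sketch below (an added example, not part of the FAQ and not MIT's code) parses the two entries shown above and answers "may this principal perform this operation?". The function names are hypothetical. Three details are assumptions taken from MIT's kadm5.acl documentation rather than from this FAQ: the letter d for delete, "*" matching one whole name component, and the first matching line deciding.

```python
# Added example: simplified model of kadm5.acl matching (not MIT's code).
# Constructed sample using the two entries from the FAQ text.
SAMPLE_ACL = """\
# constructed sample
fred/admin@FOOBAR.ORG   ali
*/admin@FOOBAR.ORG      *
"""

def parse_acl(text):
    """Return (principal, permissions, target-or-None) tuples."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 2:
            raise ValueError("malformed ACL line: %r" % raw)
        entries.append((fields[0], fields[1], fields[2] if len(fields) > 2 else None))
    return entries

def matches(pattern, principal):
    """Assumption: '*' stands for one whole name component or the realm."""
    p_name, _, p_realm = pattern.rpartition("@")
    n_name, _, n_realm = principal.rpartition("@")
    p_parts = p_name.split("/") + [p_realm]
    n_parts = n_name.split("/") + [n_realm]
    return len(p_parts) == len(n_parts) and all(
        p in ("*", n) for p, n in zip(p_parts, n_parts))

def allowed(entries, actor, op, target):
    """op is one permission letter: a=add, l=list, i=inquire (d=delete)."""
    for pattern, perms, target_pattern in entries:
        if matches(pattern, actor) and (
                target_pattern is None or matches(target_pattern, target)):
            # Assumption: the first matching entry decides.
            return perms == "*" or op in perms
    return False  # no entry matched: no access

def broad_grants(entries):
    """Audit helper: wildcard principals holding '*' with no target limit."""
    return [e for e in entries if "*" in e[0] and e[1] == "*" and e[2] is None]

if __name__ == "__main__":
    acl = parse_acl(SAMPLE_ACL)
    print(allowed(acl, "fred/admin@FOOBAR.ORG", "d", "joe@FOOBAR.ORG"))
    print(broad_grants(acl))
```

Under the first-match assumption, swapping the two lines would give fred/admin full access, so the narrower entry has to come before the wildcard one.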
Send corrections/additions to the FAQ Maintainer:
Ken Hornstein <kenh@cmf.nrl.navy.mil>
Last Update September 08 2008 @ 00:11 AM