Is it possible to have extended file permissions (ACLs) in Linux be managed (enforced?) by adding permissions authenticated by Kerberos?
Asked
Active
Viewed 211 times
0
-
I'm not sure if it will matter, but what Linux flavor/version are you using? – Neil Smithline Jul 07 '16 at 20:51
-
@NeilSmithline I was going to go for Ubuntu/Debian. – leeand00 Jul 22 '16 at 15:06
1 Answers
1
Your question is confused. Kerberos is used for authentication, not authorization.
So the answer is no, kind of. You can use Kerberos to authenticate to an account with is authorized, but a Keberos principal alone doesn't qualify as an account.
The most common way to hold accounts in systems that use Kerberos of authentication is LDAP. DQL and /etc/passwd also work. These accounts can be used in POSIX ACLs.
If you want to use Kerberos and LDAP, sssd currently the preferred client.
84104
- 12,698
- 6
- 43
- 75