The documentation for RHEL explains how to make users administrators through the /var/kerberos/krb5kdc/kadm5.acl
file, but does not specify if this is the only way to do this. Are there any other ways to specify principals with administrative permissions in kerberos?
Asked
Active
Viewed 135 times
0
Jorge Silva
- 123
- 1
- 7
1 Answers
1
The acl_file (kadm5.acl by default) is not the only way to specify kerberos administrators. It also can be achieved via kadm5_auth interface:
The ACL file can coexist with other authorization modules in release 1.16 and later, as configured in the kadm5_auth interface section of krb5.conf. The ACL file will positively authorize operations according to the rules above, but will never authoritatively deny an operation, so other modules can authorize operations in addition to those authorized by the ACL file.
Source: MIT Kerberos Documentation
Ra_
- 677
- 4
- 9