diff options
author | Ben Kaduk <kaduk@mit.edu> | 2012-10-04 18:00:07 -0400 |
---|---|---|
committer | Ben Kaduk <kaduk@mit.edu> | 2012-10-10 14:00:04 -0400 |
commit | 45c43584beb6534ed0929fbc7240a0a2a9aad6dd (patch) | |
tree | 6477a7e5f379d114b6c1c4815a0381f3d63ff2bd | |
parent | 3b6f9c561fc673b94a7d1037f4a1657c7dd670a8 (diff) | |
download | krb5-45c43584beb6534ed0929fbc7240a0a2a9aad6dd.tar.gz krb5-45c43584beb6534ed0929fbc7240a0a2a9aad6dd.tar.xz krb5-45c43584beb6534ed0929fbc7240a0a2a9aad6dd.zip |
Make the kadm5.acl example sane
It is an eggregious security violation to give all admin principals
admin rights and then give all null instances permission to change
the password of the associated admin instance.
While here, don't assume that admin and root are the only non-null
instances, and correct the formatting of an entry with restrictions.
-rw-r--r-- | doc/rst_source/krb_admins/conf_files/kadm5_acl.rst | 19 |
1 files changed, 10 insertions, 9 deletions
diff --git a/doc/rst_source/krb_admins/conf_files/kadm5_acl.rst b/doc/rst_source/krb_admins/conf_files/kadm5_acl.rst index 5f28b7acd..a02472e21 100644 --- a/doc/rst_source/krb_admins/conf_files/kadm5_acl.rst +++ b/doc/rst_source/krb_admins/conf_files/kadm5_acl.rst @@ -101,9 +101,9 @@ Here is an example of a kadm5.acl file. */admin@ATHENA.MIT.EDU * # line 1 joeadmin@ATHENA.MIT.EDU ADMCIL # line 2 joeadmin/*@ATHENA.MIT.EDU il */root@ATHENA.MIT.EDU # line 3 - *@ATHENA.MIT.EDU cil *1/admin@ATHENA.MIT.EDU # line 4 + */root@ATHENA.MIT.EDU cil *1@ATHENA.MIT.EDU # line 4 */*@ATHENA.MIT.EDU i # line 5 - */admin@EXAMPLE.COM * -maxlife 9h -postdateable # line 6 + */admin@EXAMPLE.COM x * -maxlife 9h -postdateable # line 6 (line 1) Any principal in the ``ATHENA.MIT.EDU`` realm with an ``admin`` instance has all administrative privileges. @@ -111,13 +111,14 @@ an ``admin`` instance has all administrative privileges. (lines 1-3) The user ``joeadmin`` has all permissions with his ``admin`` instance, ``joeadmin/admin@ATHENA.MIT.EDU`` (matches line 1). He has no permissions at all with his null instance, -``joeadmin@ATHENA.MIT.EDU`` (matches line 2). His root instance has -inquire and list permissions with any other principal that has the -instance root (matches line 3). - -(line 4) Any principal in ``ATHENA.MIT.EDU`` can inquire, list, -or change the password of their ``admin`` instance, but not any other -admin instance. (Here, "\*1" denotes a back-reference to the first +``joeadmin@ATHENA.MIT.EDU`` (matches line 2). His ``root`` and other +non-``admin``, non-null instances (e.g., ``extra`` or ``dbadmin``) have +inquire and list permissions with any principal that has the +instance ``root`` (matches line 3). + +(line 4) Any ``root`` principal in ``ATHENA.MIT.EDU`` can inquire, list, +or change the password of their null instance, but not any other +null instance. (Here, "\*1" denotes a back-reference to the first component of the actor principal.) (line 5) Any principal in the realm ``ATHENA.MIT.EDU`` (except for |