[27094] in CVS-changelog-for-Kerberos-V5
krb5 commit: Make the kadm5.acl example sane
daemon@ATHENA.MIT.EDU (Benjamin Kaduk)
Wed Oct 10 14:50:56 2012
Date: Wed, 10 Oct 2012 14:50:49 -0400
From: Benjamin Kaduk <kaduk@mit.edu>
Message-Id: <201210101850.q9AIonGA003582@drugstore.mit.edu>
To: cvs-krb5@mit.edu
Reply-To: krbdev@mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu
https://github.com/krb5/krb5/commit/45c43584beb6534ed0929fbc7240a0a2a9aad6dd
commit 45c43584beb6534ed0929fbc7240a0a2a9aad6dd
Author: Ben Kaduk <kaduk@mit.edu>
Date: Thu Oct 4 18:00:07 2012 -0400
Make the kadm5.acl example sane
It is an eggregious security violation to give all admin principals
admin rights and then give all null instances permission to change
the password of the associated admin instance.
While here, don't assume that admin and root are the only non-null
instances, and correct the formatting of an entry with restrictions.
doc/rst_source/krb_admins/conf_files/kadm5_acl.rst | 19 ++++++++++---------
1 files changed, 10 insertions(+), 9 deletions(-)
diff --git a/doc/rst_source/krb_admins/conf_files/kadm5_acl.rst b/doc/rst_source/krb_admins/conf_files/kadm5_acl.rst
index 5f28b7a..a02472e 100644
--- a/doc/rst_source/krb_admins/conf_files/kadm5_acl.rst
+++ b/doc/rst_source/krb_admins/conf_files/kadm5_acl.rst
@@ -101,9 +101,9 @@ Here is an example of a kadm5.acl file.
*/admin@ATHENA.MIT.EDU * # line 1
joeadmin@ATHENA.MIT.EDU ADMCIL # line 2
joeadmin/*@ATHENA.MIT.EDU il */root@ATHENA.MIT.EDU # line 3
- *@ATHENA.MIT.EDU cil *1/admin@ATHENA.MIT.EDU # line 4
+ */root@ATHENA.MIT.EDU cil *1@ATHENA.MIT.EDU # line 4
*/*@ATHENA.MIT.EDU i # line 5
- */admin@EXAMPLE.COM * -maxlife 9h -postdateable # line 6
+ */admin@EXAMPLE.COM x * -maxlife 9h -postdateable # line 6
(line 1) Any principal in the ``ATHENA.MIT.EDU`` realm with
an ``admin`` instance has all administrative privileges.
@@ -111,13 +111,14 @@ an ``admin`` instance has all administrative privileges.
(lines 1-3) The user ``joeadmin`` has all permissions with his
``admin`` instance, ``joeadmin/admin@ATHENA.MIT.EDU`` (matches line
1). He has no permissions at all with his null instance,
-``joeadmin@ATHENA.MIT.EDU`` (matches line 2). His root instance has
-inquire and list permissions with any other principal that has the
-instance root (matches line 3).
-
-(line 4) Any principal in ``ATHENA.MIT.EDU`` can inquire, list,
-or change the password of their ``admin`` instance, but not any other
-admin instance. (Here, "\*1" denotes a back-reference to the first
+``joeadmin@ATHENA.MIT.EDU`` (matches line 2). His ``root`` and other
+non-``admin``, non-null instances (e.g., ``extra`` or ``dbadmin``) have
+inquire and list permissions with any principal that has the
+instance ``root`` (matches line 3).
+
+(line 4) Any ``root`` principal in ``ATHENA.MIT.EDU`` can inquire, list,
+or change the password of their null instance, but not any other
+null instance. (Here, "\*1" denotes a back-reference to the first
component of the actor principal.)
(line 5) Any principal in the realm ``ATHENA.MIT.EDU`` (except for
_______________________________________________
cvs-krb5 mailing list
cvs-krb5@mit.edu
https://mailman.mit.edu/mailman/listinfo/cvs-krb5
