Layer: services

Module: kerberos

Tunables Interfaces Templates

Description:

This policy supports:

Servers:

Clients:


Tunables:

allow_kerberos
Default value

false

Description

Allow confined applications to run with kerberos.

Return

Interfaces:

kerberos_524_connect( domain )
Summary

Connect to krb524 service

Parameters
Parameter:Description:
domain

Domain allowed access.

kerberos_admin( domain , role , terminal )
Summary

All of the rules required to administrate an kerberos environment

Parameters
Parameter:Description:
domain

Domain allowed access.

role

The role to be allowed to manage the kerberos domain.

terminal

The type of the user terminal.

kerberos_domtrans_kpropd( domain )
Summary

Execute a domain transition to run kpropd.

Parameters
Parameter:Description:
domain

Domain allowed to transition.

kerberos_dontaudit_write_config( domain )
Summary

Do not audit attempts to write the kerberos configuration file (/etc/krb5.conf).

Parameters
Parameter:Description:
domain

Domain to not audit.

kerberos_kpropd_script_domtrans( domain )
Summary

Execute kpropd server in the kpropd domain.

Parameters
Parameter:Description:
domain

The type of the process performing this action.

kerberos_manage_host_rcache( domain )
Summary

Read the kerberos kdc configuration file (/etc/krb5kdc.conf).

Parameters
Parameter:Description:
domain

Domain allowed access.

kerberos_read_config( domain )
Summary

Read the kerberos configuration file (/etc/krb5.conf).

Parameters
Parameter:Description:
domain

Domain allowed access.

kerberos_read_kdc_config( domain )
Summary

Read the kerberos kdc configuration file (/etc/krb5kdc.conf).

Parameters
Parameter:Description:
domain

Domain allowed access.

kerberos_read_keytab( domain )
Summary

Read the kerberos key table.

Parameters
Parameter:Description:
domain

Domain allowed access.

kerberos_rw_config( domain )
Summary

Read and write the kerberos configuration file (/etc/krb5.conf).

Parameters
Parameter:Description:
domain

Domain allowed access.

kerberos_script_domtrans( domain )
Summary

Execute kerberos server in the kerberos domain.

Parameters
Parameter:Description:
domain

The type of the process performing this action.

kerberos_use( domain )
Summary

Use kerberos services

Parameters
Parameter:Description:
domain

Domain allowed access.

Return

Templates:

kerberos_keytab_template( prefix , domain )
Summary

Create a derived type for kerberos keytab

Parameters
Parameter:Description:
prefix

The prefix to be used for deriving type names.

domain

Domain allowed access.

Return