mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-22 23:23:30 -06:00
daemons: Remove ipa_kpasswd
Now that we have our own database we can properly enforce stricter constraints on how the db can be changed. Stop shipping our own kpasswd daemon and instead use the regular kadmin daemon.
This commit is contained in:
parent
a60a71497b
commit
dfa944da24
1
.gitignore
vendored
1
.gitignore
vendored
@ -28,7 +28,6 @@ daemons/config.status
|
||||
daemons/config.sub
|
||||
daemons/depcomp
|
||||
daemons/install-sh
|
||||
daemons/ipa-kpasswd/ipa_kpasswd
|
||||
daemons/ipa-version.h
|
||||
daemons/libtool
|
||||
daemons/ltmain.sh
|
||||
|
@ -14,7 +14,6 @@ export AM_CFLAGS
|
||||
|
||||
SUBDIRS = \
|
||||
ipa-kdb \
|
||||
ipa-kpasswd \
|
||||
ipa-slapi-plugins \
|
||||
$(NULL)
|
||||
|
||||
|
@ -289,7 +289,6 @@ AC_SUBST(LDFLAGS)
|
||||
AC_CONFIG_FILES([
|
||||
Makefile
|
||||
ipa-kdb/Makefile
|
||||
ipa-kpasswd/Makefile
|
||||
ipa-slapi-plugins/Makefile
|
||||
ipa-slapi-plugins/ipa-enrollment/Makefile
|
||||
ipa-slapi-plugins/ipa-lockout/Makefile
|
||||
|
@ -1,59 +0,0 @@
|
||||
NULL =
|
||||
|
||||
INCLUDES = \
|
||||
-I. \
|
||||
-I$(srcdir) \
|
||||
-DPREFIX=\""$(prefix)"\" \
|
||||
-DBINDIR=\""$(bindir)"\" \
|
||||
-DLIBDIR=\""$(libdir)"\" \
|
||||
-DLIBEXECDIR=\""$(libexecdir)"\" \
|
||||
-DDATADIR=\""$(datadir)"\" \
|
||||
$(AM_CFLAGS) \
|
||||
$(OPENLDAP_CFLAGS) \
|
||||
$(KRB5_CFLAGS) \
|
||||
$(WARN_CFLAGS) \
|
||||
$(NULL)
|
||||
|
||||
sbin_PROGRAMS = \
|
||||
ipa_kpasswd \
|
||||
$(NULL)
|
||||
|
||||
ipa_kpasswd_SOURCES = \
|
||||
ipa_kpasswd.c \
|
||||
$(NULL)
|
||||
|
||||
ipa_kpasswd_LDADD = \
|
||||
$(OPENLDAP_LIBS) \
|
||||
$(KRB5_LIBS) \
|
||||
$(NULL)
|
||||
|
||||
install-exec-local:
|
||||
mkdir -p $(DESTDIR)$(localstatedir)/cache/ipa/kpasswd
|
||||
chmod 700 $(DESTDIR)$(localstatedir)/cache/ipa/kpasswd
|
||||
|
||||
uninstall-local:
|
||||
-rmdir $(DESTDIR)$(localstatedir)/cache/ipa/kpasswd
|
||||
-rmdir $(DESTDIR)$(localstatedir)/cache/ipa
|
||||
|
||||
EXTRA_DIST = \
|
||||
README \
|
||||
ipa_kpasswd.init \
|
||||
$(NULL)
|
||||
|
||||
MAINTAINERCLEANFILES = \
|
||||
*~ \
|
||||
Makefile.in
|
||||
|
||||
initdir=$(sysconfdir)/rc.d/init.d
|
||||
|
||||
install-data-hook: ipa_kpasswd.init
|
||||
|
||||
if test '!' -d $(DESTDIR)$(initdir); then \
|
||||
$(mkinstalldirs) $(DESTDIR)$(initdir); \
|
||||
chmod 755 $(DESTDIR)$(initdir); \
|
||||
fi
|
||||
|
||||
$(INSTALL_SCRIPT) $(srcdir)/ipa_kpasswd.init $(DESTDIR)$(initdir)/ipa_kpasswd
|
||||
|
||||
uninstall-hook:
|
||||
rm -f $(DESTDIR)$(initdir)/ipa_kpasswd
|
@ -1,2 +0,0 @@
|
||||
This is an implementation of the RFC3244 kpasswd protocol.
|
||||
It is used to proxy password change operations to Directory Server.
|
File diff suppressed because it is too large
Load Diff
@ -1,83 +0,0 @@
|
||||
#!/bin/sh
|
||||
#
|
||||
# ipa_kpasswd This starts and stops ipa_kpasswd
|
||||
#
|
||||
# chkconfig: - 36 64
|
||||
# description: ipa_kpasswd IPA Kpasswd daemon
|
||||
# processname: /usr/sbin/ipa_kpasswd
|
||||
# configdir: /etc/sysconfig/ipa-kpasswd
|
||||
#
|
||||
|
||||
# Source function library.
|
||||
if [ -f /etc/rc.d/init.d/functions ] ; then
|
||||
. /etc/rc.d/init.d/functions
|
||||
fi
|
||||
# Source networking configuration.
|
||||
if [ -f /etc/sysconfig/network ] ; then
|
||||
. /etc/sysconfig/network
|
||||
fi
|
||||
|
||||
# Check that networking is up.
|
||||
if [ "${NETWORKING}" = "no" ]
|
||||
then
|
||||
echo "Networking is down"
|
||||
exit 0
|
||||
fi
|
||||
|
||||
# Source networking configuration.
|
||||
if [ -f /etc/sysconfig/ipa-kpasswd ] ; then
|
||||
. /etc/sysconfig/ipa-kpasswd
|
||||
fi
|
||||
|
||||
NAME="ipa_kpasswd"
|
||||
PROG="/usr/sbin/ipa_kpasswd"
|
||||
|
||||
start() {
|
||||
echo -n $"Starting $NAME: "
|
||||
daemon $NAME
|
||||
RETVAL=$?
|
||||
echo
|
||||
[ $RETVAL -eq 0 ] && touch /var/lock/subsys/ipa_kpasswd || \
|
||||
RETVAL=1
|
||||
return $RETVAL
|
||||
}
|
||||
|
||||
stop() {
|
||||
echo -n $"Shutting down $NAME: "
|
||||
killproc $NAME
|
||||
RETVAL=$?
|
||||
echo
|
||||
[ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/ipa_kpasswd
|
||||
return $RETVAL
|
||||
}
|
||||
|
||||
restart() {
|
||||
stop
|
||||
start
|
||||
}
|
||||
|
||||
case "$1" in
|
||||
start)
|
||||
start
|
||||
;;
|
||||
stop)
|
||||
stop
|
||||
;;
|
||||
status)
|
||||
status $PROG
|
||||
;;
|
||||
restart)
|
||||
restart
|
||||
;;
|
||||
condrestart)
|
||||
[ -f /var/lock/subsys/ipa_kpasswd ] && restart || :
|
||||
;;
|
||||
reload)
|
||||
exit 3
|
||||
;;
|
||||
*)
|
||||
echo $"Usage: $0 {start|stop|status|restart|condrestart}"
|
||||
exit 2
|
||||
esac
|
||||
|
||||
exit $?
|
@ -305,6 +305,7 @@ ln -s ../../../..%{_sysconfdir}/ipa/html/ipa_error.css \
|
||||
mkdir -p %{buildroot}%{_sysconfdir}/httpd/conf.d/
|
||||
/bin/touch %{buildroot}%{_sysconfdir}/httpd/conf.d/ipa.conf
|
||||
/bin/touch %{buildroot}%{_sysconfdir}/httpd/conf.d/ipa-rewrite.conf
|
||||
mkdir -p %{buildroot}%{_initrddir}
|
||||
install -m755 ipa.init %{buildroot}%{_initrddir}/ipa
|
||||
%endif
|
||||
|
||||
@ -326,7 +327,6 @@ rm -rf %{buildroot}
|
||||
%post server
|
||||
if [ $1 = 1 ]; then
|
||||
/sbin/chkconfig --add ipa
|
||||
/sbin/chkconfig --add ipa_kpasswd
|
||||
fi
|
||||
if [ $1 -gt 1 ] ; then
|
||||
/usr/sbin/ipa-upgradeconfig || :
|
||||
@ -336,7 +336,6 @@ fi
|
||||
%preun server
|
||||
if [ $1 = 0 ]; then
|
||||
/sbin/chkconfig --del ipa
|
||||
/sbin/chkconfig --del ipa_kpasswd
|
||||
/sbin/service ipa stop >/dev/null 2>&1 || :
|
||||
fi
|
||||
|
||||
@ -355,7 +354,7 @@ if [ -s /etc/selinux/config ]; then
|
||||
fi
|
||||
|
||||
%post server-selinux
|
||||
semodule -s targeted -i /usr/share/selinux/targeted/ipa_kpasswd.pp /usr/share/selinux/targeted/ipa_httpd.pp /usr/share/selinux/targeted/ipa_dogtag.pp
|
||||
semodule -s targeted -i /usr/share/selinux/targeted/ipa_httpd.pp /usr/share/selinux/targeted/ipa_dogtag.pp
|
||||
. %{_sysconfdir}/selinux/config
|
||||
FILE_CONTEXT=%{_sysconfdir}/selinux/targeted/contexts/files/file_contexts
|
||||
selinuxenabled
|
||||
@ -377,7 +376,7 @@ fi
|
||||
|
||||
%postun server-selinux
|
||||
if [ $1 = 0 ]; then
|
||||
semodule -s targeted -r ipa_kpasswd ipa_httpd ipa_dogtag
|
||||
semodule -s targeted -r ipa_httpd ipa_dogtag
|
||||
. %{_sysconfdir}/selinux/config
|
||||
FILE_CONTEXT=%{_sysconfdir}/selinux/targeted/contexts/files/file_contexts
|
||||
selinuxenabled
|
||||
@ -406,13 +405,11 @@ fi
|
||||
%{_sbindir}/ipa-compat-manage
|
||||
%{_sbindir}/ipa-nis-manage
|
||||
%{_sbindir}/ipa-host-net-manage
|
||||
%{_sbindir}/ipa_kpasswd
|
||||
%{_sbindir}/ipactl
|
||||
%{_sbindir}/ipa-upgradeconfig
|
||||
%{_sbindir}/ipa-compliance
|
||||
%{_sysconfdir}/cron.d/ipa-compliance
|
||||
%attr(755,root,root) %{_initrddir}/ipa
|
||||
%attr(755,root,root) %{_initrddir}/ipa_kpasswd
|
||||
%dir %{python_sitelib}/ipaserver
|
||||
%{python_sitelib}/ipaserver/*
|
||||
%dir %{_usr}/share/ipa
|
||||
@ -467,7 +464,6 @@ fi
|
||||
%attr(700,root,root) %dir %{_localstatedir}/lib/ipa/sysrestore
|
||||
%dir %{_localstatedir}/cache/ipa
|
||||
%attr(700,apache,apache) %dir %{_localstatedir}/cache/ipa/sessions
|
||||
%attr(700,root,root) %dir %{_localstatedir}/cache/ipa/kpasswd
|
||||
%attr(755,root,root) %{_libdir}/krb5/plugins/kdb/ipadb.so
|
||||
%{_mandir}/man1/ipa-replica-conncheck.1.gz
|
||||
%{_mandir}/man1/ipa-replica-install.1.gz
|
||||
@ -482,14 +478,12 @@ fi
|
||||
%{_mandir}/man1/ipa-nis-manage.1.gz
|
||||
%{_mandir}/man1/ipa-host-net-manage.1.gz
|
||||
%{_mandir}/man1/ipa-ldap-updater.1.gz
|
||||
%{_mandir}/man8/ipa_kpasswd.8.gz
|
||||
%{_mandir}/man8/ipactl.8.gz
|
||||
%{_mandir}/man1/ipa-compliance.1.gz
|
||||
|
||||
%files server-selinux
|
||||
%defattr(-,root,root,-)
|
||||
%doc COPYING README Contributors.txt
|
||||
%{_usr}/share/selinux/targeted/ipa_kpasswd.pp
|
||||
%{_usr}/share/selinux/targeted/ipa_httpd.pp
|
||||
%{_usr}/share/selinux/targeted/ipa_dogtag.pp
|
||||
%endif
|
||||
@ -540,6 +534,9 @@ fi
|
||||
%ghost %attr(0644,root,apache) %config(noreplace) %{_sysconfdir}/ipa/default.conf
|
||||
|
||||
%changelog
|
||||
* Wed Aug 25 2011 Simo Sorce <ssorce#redhat.com> - 3.0.0
|
||||
- Remove ipa_kpasswd.
|
||||
|
||||
* Tue Aug 23 2011 Jan Cholasta <jcholast@redhat.com> - 2.1.0-1
|
||||
- Add subscription-manager dependency for RHEL.
|
||||
|
||||
|
@ -22,7 +22,6 @@ man1_MANS = \
|
||||
|
||||
man8_MANS = \
|
||||
ipactl.8 \
|
||||
ipa_kpasswd.8 \
|
||||
$(NULL)
|
||||
|
||||
install-data-hook:
|
||||
|
@ -22,7 +22,7 @@ ipa\-server\-install \- Configure an IPA server
|
||||
.SH "SYNOPSIS"
|
||||
ipa\-server\-install [\fIOPTION\fR]...
|
||||
.SH "DESCRIPTION"
|
||||
Configures the services needed by an IPA server. This includes setting up a Kerberos Key Distribution Center (KDC) with an LDAP back\-end, configuring Apache, configuring NTP and starting the ipa_kpasswd service provided by IPA. By default a dogtag\-based CA will be configured to issue server certificates.
|
||||
Configures the services needed by an IPA server. This includes setting up a Kerberos Key Distribution Center (KDC) and a Kadmin daemon with an LDAP back\-end, configuring Apache, configuring NTP and optionally configuring and starting an LDAP-backed DNS server. By default a dogtag\-based CA will be configured to issue server certificates.
|
||||
.SH "OPTIONS"
|
||||
.TP
|
||||
\fB\-r\fR \fIREALM_NAME\fR, \fB\-\-realm\fR=\fIREALM_NAME\fR
|
||||
|
@ -1,36 +0,0 @@
|
||||
.\" A man page for ipa_kpasswd
|
||||
.\" Copyright (C) 2008 Red Hat, Inc.
|
||||
.\"
|
||||
.\" This program is free software; you can redistribute it and/or modify
|
||||
.\" it under the terms of the GNU General Public License as published by
|
||||
.\" the Free Software Foundation, either version 3 of the License, or
|
||||
.\" (at your option) any later version.
|
||||
.\"
|
||||
.\" This program is distributed in the hope that it will be useful, but
|
||||
.\" WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
.\" General Public License for more details.
|
||||
.\"
|
||||
.\" You should have received a copy of the GNU General Public License
|
||||
.\" along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
.\"
|
||||
.\" Author: Rob Crittenden <rcritten@redhat.com>
|
||||
.\"
|
||||
.TH "ipa_kpasswd" "8" "Mar 14 2008" "freeipa" ""
|
||||
.SH "NAME"
|
||||
ipa_kpasswd \- Proxy Kerberos password change requests
|
||||
.SH "SYNOPSIS"
|
||||
ipa_kpasswd
|
||||
.SH "DESCRIPTION"
|
||||
Implementation of the kpasswd protocol (RFC 3244).
|
||||
|
||||
It is used to proxy password change operations to Directory Server.
|
||||
.SH "ENVIRONMENT VARIABLES"
|
||||
.TP
|
||||
KRB5_KTNAME
|
||||
Location of the keytab to be used by ipa_kpasswd
|
||||
.TP
|
||||
IPA_KPASSWD_DEBUG
|
||||
Enable additional syslog output from ipa_kpasswd. Setting greater than 0 gets basic output. Setting higher than 100 gets more.
|
||||
.SH "EXIT STATUS"
|
||||
\-1 if an error occurred
|
2
ipa.1
2
ipa.1
@ -192,7 +192,7 @@ IPA default configuration file.
|
||||
2 If an entry is not found
|
||||
.SH "SEE ALSO"
|
||||
ipa\-client\-install(1), ipa\-compat\-manage(1), ipactl(1), ipa\-dns\-install(1),
|
||||
ipa\-getcert(1), ipa\-getkeytab(1), ipa\-join(1), ipa_kpasswd(1), ipa\-ldap\-updater(1),
|
||||
ipa\-getcert(1), ipa\-getkeytab(1), ipa\-join(1), ipa\-ldap\-updater(1),
|
||||
ipa\-nis\-manage(1), ipa\-replica\-install(1), ipa\-replica\-manage(1), ipa\-replica\-prepare(1),
|
||||
ipa\-rmkeytab(1), ipa\-server\-certinstall(2), ipa\-server\-install(1), ipa\-upgradeconfig(1),
|
||||
ipa\-host\-net\-manage(1)
|
||||
|
@ -71,7 +71,7 @@ def update_key_val_in_file(filename, key, val):
|
||||
|
||||
class KpasswdInstance(service.SimpleServiceInstance):
|
||||
def __init__(self):
|
||||
service.SimpleServiceInstance.__init__(self, "ipa_kpasswd")
|
||||
service.SimpleServiceInstance.__init__(self, "kadmin")
|
||||
|
||||
class KrbInstance(service.Service):
|
||||
def __init__(self, fstore=None):
|
||||
|
@ -34,7 +34,7 @@ CACERT = "/etc/ipa/ca.crt"
|
||||
|
||||
SERVICE_LIST = {
|
||||
'KDC':('krb5kdc', 10),
|
||||
'KPASSWD':('ipa_kpasswd', 20),
|
||||
'KPASSWD':('kadmin', 20),
|
||||
'DNS':('named', 30),
|
||||
'HTTP':('httpd', 40),
|
||||
'CA':('pki-cad', 50)
|
||||
|
@ -1,4 +1,4 @@
|
||||
SUBDIRS = ipa_kpasswd ipa_httpd ipa_dogtag
|
||||
SUBDIRS = ipa_httpd ipa_dogtag
|
||||
POLICY_MAKEFILE = /usr/share/selinux/devel/Makefile
|
||||
POLICY_DIR = $(DESTDIR)/usr/share/selinux/targeted
|
||||
|
||||
@ -21,9 +21,8 @@ maintainer-clean: distclean
|
||||
|
||||
install: all
|
||||
install -d $(POLICY_DIR)
|
||||
install -m 644 ipa_kpasswd/ipa_kpasswd.pp $(POLICY_DIR)
|
||||
install -m 644 ipa_httpd/ipa_httpd.pp $(POLICY_DIR)
|
||||
install -m 644 ipa_dogtag/ipa_dogtag.pp $(POLICY_DIR)
|
||||
|
||||
load:
|
||||
/usr/sbin/semodule -i ipa_kpasswd/ipa_kpasswd.pp ipa_httpd/ipa_httpd.pp
|
||||
/usr/sbin/semodule -i ipa_httpd/ipa_httpd.pp
|
||||
|
@ -36,7 +36,6 @@ make DESTDIR=%{buildroot} install
|
||||
|
||||
%files
|
||||
%{_usr}/share/selinux/targeted/ipa_webgui.pp
|
||||
%{_usr}/share/selinux/targeted/ipa_kpasswd.pp
|
||||
|
||||
|
||||
%define saveFileContext() \
|
||||
@ -61,7 +60,7 @@ fi;
|
||||
%saveFileContext targeted
|
||||
|
||||
%post
|
||||
semodule -s targeted -i /usr/share/selinux/targeted/ipa_webgui.pp /usr/share/selinux/targeted/ipa_kpasswd.pp
|
||||
semodule -s targeted -i /usr/share/selinux/targeted/ipa_webgui.pp
|
||||
%relabel targeted
|
||||
|
||||
%preun
|
||||
@ -71,7 +70,7 @@ fi
|
||||
|
||||
%postun
|
||||
if [ $1 = 0 ]; then
|
||||
semodule -s targeted -r ipa_webgui ipa_kpasswd
|
||||
semodule -s targeted -r ipa_webgui
|
||||
%relabel targeted
|
||||
fi
|
||||
|
||||
|
@ -1,9 +0,0 @@
|
||||
#
|
||||
# /usr
|
||||
#
|
||||
/usr/sbin/ipa_kpasswd -- gen_context(system_u:object_r:ipa_kpasswd_exec_t,s0)
|
||||
|
||||
#
|
||||
# /var
|
||||
#
|
||||
/var/cache/ipa/kpasswd(/.*)? gen_context(system_u:object_r:ipa_kpasswd_ccache_t,s0)
|
@ -1,80 +0,0 @@
|
||||
policy_module(ipa_kpasswd, 1.0)
|
||||
|
||||
########################################
|
||||
#
|
||||
# Declarations
|
||||
#
|
||||
|
||||
type ipa_kpasswd_t;
|
||||
type ipa_kpasswd_exec_t;
|
||||
type ipa_kpasswd_var_run_t;
|
||||
type ipa_kpasswd_ccache_t;
|
||||
init_daemon_domain(ipa_kpasswd_t, ipa_kpasswd_exec_t)
|
||||
|
||||
########################################
|
||||
#
|
||||
# IPA kpasswd local policy
|
||||
#
|
||||
|
||||
allow ipa_kpasswd_t self:capability { sys_nice dac_override };
|
||||
allow ipa_kpasswd_t self:tcp_socket create_stream_socket_perms;
|
||||
allow ipa_kpasswd_t self:udp_socket create_socket_perms;
|
||||
|
||||
files_read_etc_files(ipa_kpasswd_t)
|
||||
files_search_usr(ipa_kpasswd_t)
|
||||
|
||||
files_pid_file(ipa_kpasswd_var_run_t);
|
||||
allow ipa_kpasswd_t ipa_kpasswd_var_run_t:file manage_file_perms;
|
||||
files_pid_filetrans(ipa_kpasswd_t,ipa_kpasswd_var_run_t,file)
|
||||
|
||||
auth_use_nsswitch(ipa_kpasswd_t)
|
||||
|
||||
libs_use_ld_so(ipa_kpasswd_t)
|
||||
libs_use_shared_libs(ipa_kpasswd_t)
|
||||
|
||||
logging_send_syslog_msg(ipa_kpasswd_t)
|
||||
|
||||
miscfiles_read_localization(ipa_kpasswd_t)
|
||||
|
||||
kerberos_use(ipa_kpasswd_t)
|
||||
kerberos_manage_host_rcache(ipa_kpasswd_t)
|
||||
kerberos_read_kdc_config(ipa_kpasswd_t)
|
||||
|
||||
kernel_read_system_state(ipa_kpasswd_t)
|
||||
|
||||
# /var/cache/ipa/kpasswd
|
||||
files_type(ipa_kpasswd_ccache_t)
|
||||
manage_dirs_pattern(ipa_kpasswd_t, ipa_kpasswd_ccache_t, ipa_kpasswd_ccache_t)
|
||||
manage_files_pattern(ipa_kpasswd_t, ipa_kpasswd_ccache_t, ipa_kpasswd_ccache_t)
|
||||
files_var_filetrans(ipa_kpasswd_t, ipa_kpasswd_ccache_t,dir)
|
||||
|
||||
kernel_read_network_state(ipa_kpasswd_t)
|
||||
kernel_read_network_state_symlinks(ipa_kpasswd_t)
|
||||
|
||||
corenet_tcp_sendrecv_all_if(ipa_kpasswd_t)
|
||||
corenet_udp_sendrecv_all_if(ipa_kpasswd_t)
|
||||
corenet_raw_sendrecv_all_if(ipa_kpasswd_t)
|
||||
corenet_tcp_sendrecv_all_nodes(ipa_kpasswd_t)
|
||||
corenet_udp_sendrecv_all_nodes(ipa_kpasswd_t)
|
||||
corenet_raw_sendrecv_all_nodes(ipa_kpasswd_t)
|
||||
corenet_tcp_sendrecv_all_ports(ipa_kpasswd_t)
|
||||
corenet_udp_sendrecv_all_ports(ipa_kpasswd_t)
|
||||
corenet_non_ipsec_sendrecv(ipa_kpasswd_t)
|
||||
corenet_tcp_bind_all_nodes(ipa_kpasswd_t)
|
||||
corenet_udp_bind_all_nodes(ipa_kpasswd_t)
|
||||
corenet_tcp_bind_kerberos_admin_port(ipa_kpasswd_t)
|
||||
corenet_udp_bind_kerberos_admin_port(ipa_kpasswd_t)
|
||||
require {
|
||||
type krb5kdc_conf_t;
|
||||
};
|
||||
|
||||
allow ipa_kpasswd_t krb5kdc_conf_t:dir search_dir_perms;
|
||||
|
||||
optional_policy(`
|
||||
gen_require(`
|
||||
type kerberos_password_port_t;
|
||||
')
|
||||
corenet_tcp_bind_kerberos_password_port(ipa_kpasswd_t)
|
||||
corenet_udp_bind_kerberos_password_port(ipa_kpasswd_t)
|
||||
')
|
||||
|
Loading…
Reference in New Issue
Block a user