MIT Krb5 + SELinux
Jerome Walter
walter+kerberos at efrei.fr
Mon Apr 12 21:00:40 EDT 2004
Good Morning/Afternoon/Evening,
I am trying to install krb5 over SELinux policies.
The first point is to secure the Kdc (so it could minimise the risk of
this key server being compromised). Does someone have already taken this
path ?
The first though i had for being the most secure, is to give read-only
access to key database for the kdc, and write access to the kadmin
server. It seems to me that it could reduce the risk on kdc failures.
But, you do know more the internals and access needs of the program.
By the way, a common constant on the programs is that most want access
do urandom devices, but do not require it really. I guess, that to
create tickets, kdc do need access to the device, otherwise the work
could be altered. Am i right ? Is there any special files/devices the
kdc/kadmin/kclients do need access to ?
TIA for your answers,
Best Regards,
Jerome Walter
--
-+-- Jerome Walter - EFREI p2004 ----+-
Mail *is* private
More information about the Kerberos
mailing list