How can I prevent a user principal from accessing a kerberoized service/host?
Garrett Wollman
wollman at bimajority.org
Sun Nov 25 13:35:08 EST 2007
In article <mailman.2.1195976449.11331.kerberos at mit.edu>,
Amir Saad <eng__amir at hotmail.com> wrote:
>I use MIT Kerberos 5 & OpenLDAP to manage my network users. I can login
>successfully to all machines using my Kerberos principal. I need to
>create a limited account that is able to access only a few
>hosts/services not all machines/services. How can I do this?
You use whatever access-control mechanisms are provided by those
services. Kerberos is an authentication protocol, not an
authorization service.
-GAWollman
--
Garrett A. Wollman | The real tragedy of human existence is not that we are
wollman at csail.mit.edu| nasty by nature, but that a cruel structural asymmetry
Opinions not those | grants to rare events of meanness such power to shape
of MIT or CSAIL. | our history. - S.J. Gould, Ten Thousand Acts of Kindness
More information about the Kerberos
mailing list