Running KDC as non-root and dockerize KDC

Robbie Harwood rharwood at redhat.com
Fri Jan 4 11:14:37 EST 2019


Yegui Cai <caiyegui at gmail.com> writes:

> Hi all.
>
> This can be two threads but I have the following two questions at the
> same time.
>
> 1. Can we run KDC as a non-root user? Meaning, is it required to run KDC as
> root?

The KDC and kadmin want several low-number ports, including 88, 749, and
possibly 754.  They also need permissions set up correctly in order to
access the datastore.  Modifying these permissions requires some care to
avoid circumventing any additional protections your system may already
have (e.g., SELinux).  I'm not aware of other potential issues.

> 2. Are there any official Docker images for KDC? Or any plan to have
> one?

The FreeIPA project has container images for the server:
https://www.freeipa.org/page/Docker (note that this includes more than
just a KDC, though).

I'm not aware of anyone else distributing images, but there's nothing
that stops you from setting it up in a container.

Thanks,
--Robbie
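
A preflight check for the two requirements named in the reply above (low-numbered ports and datastore permissions), added here as an example and not part of the original message. The datastore path, the service account's uid and gids, and the need for read/write access are assumptions supplied by the caller; the sysctl it reads is Linux-specific.

```python
import os
import stat

# Ports named in the reply: 88 and 749, and possibly 754.
KDC_PORTS = (88, 749, 754)
# Linux sysctl holding the lowest port bindable without CAP_NET_BIND_SERVICE.
PORT_SYSCTL = "/proc/sys/net/ipv4/ip_unprivileged_port_start"


def unprivileged_port_start(path=PORT_SYSCTL):
    """Read the sysctl; fall back to the traditional 1024 if it is absent."""
    try:
        with open(path) as fh:
            return int(fh.read().strip())
    except (OSError, ValueError):
        return 1024


def ports_needing_privilege(ports=KDC_PORTS, start=None):
    """Ports a non-root daemon cannot bind directly on this host."""
    start = unprivileged_port_start() if start is None else start
    return [p for p in ports if p < start]


def audit_datastore(path, uid, gids=()):
    """List mode-bit problems under `path` for service account `uid`.
    POSIX ACLs and SELinux labels are separate layers, not inspected here."""
    problems = []
    for root, _dirs, files in os.walk(path):
        for name in [root] + [os.path.join(root, f) for f in files]:
            st = os.lstat(name)
            if stat.S_ISLNK(st.st_mode):
                problems.append(f"{name}: symlink, check its target by hand")
                continue
            mode = stat.S_IMODE(st.st_mode)
            if mode & stat.S_IRWXO:
                problems.append(f"{name}: accessible to other users ({mode:04o})")
            # The kernel consults exactly one class: owner, else group, else other.
            if st.st_uid == uid:
                have = mode >> 6
            elif st.st_gid in gids:
                have = mode >> 3
            else:
                have = mode
            need = 7 if stat.S_ISDIR(st.st_mode) else 6  # rwx on dirs, rw on files
            if have & need != need:
                problems.append(f"{name}: service account lacks access ({mode:04o})")
    return problems
```

An empty list from `audit_datastore` only clears the mode bits; any port returned by `ports_needing_privilege` still needs a capability grant, a lowered sysctl, or a port mapping in front of the daemon.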