Layer: services

Module: kerberos


Description:

This policy supports:

Servers:

Clients:


Tunables:

allow_kerberos
Default value

false

Description

Allow confined applications to run with kerberos.

Interfaces:

kerberos_524_connect( domain )
Summary

Connect to krb524 service

Parameters
Parameter | Description | Optional
domain | Domain allowed access. | No

kerberos_admin( domain , role , terminal )
Summary

All of the rules required to administrate a kerberos environment

Parameters
Parameter | Description | Optional
domain | Domain allowed access. | No
role | The role to be allowed to manage the kerberos domain. | No
terminal | The type of the user terminal. | No

kerberos_domtrans_kpropd( domain )
Summary

Execute a domain transition to run kpropd.

Parameters
Parameter | Description | Optional
domain | Domain allowed to transition. | No

kerberos_dontaudit_write_config( domain )
Summary

Do not audit attempts to write the kerberos configuration file (/etc/krb5.conf).

Parameters
Parameter | Description | Optional
domain | Domain to not audit. | No

kerberos_exec_kadmind( domain )
Summary

Execute a kadmind_exec_t in the current domain

Parameters
Parameter | Description | Optional
domain | Domain allowed to transition. | No

kerberos_initrc_domtrans( domain )
Summary

Execute kerberos server in the kerberos domain.

Parameters
Parameter | Description | Optional
domain | The type of the process performing this action. | No

kerberos_kpropd_initrc_domtrans( domain )
Summary

Execute kpropd server in the kpropd domain.

Parameters
Parameter | Description | Optional
domain | The type of the process performing this action. | No

kerberos_manage_host_rcache( domain )
Summary

Read the kerberos kdc configuration file (/etc/krb5kdc.conf).

Parameters
Parameter | Description | Optional
domain | Domain allowed access. | No

kerberos_read_config( domain )
Summary

Read the kerberos configuration file (/etc/krb5.conf).

Parameters
Parameter | Description | Optional
domain | Domain allowed access. | No

kerberos_read_kdc_config( domain )
Summary

Read the kerberos kdc configuration file (/etc/krb5kdc.conf).

Parameters
Parameter | Description | Optional
domain | Domain allowed access. | No

kerberos_read_keytab( domain )
Summary

Read the kerberos key table.

Parameters
Parameter | Description | Optional
domain | Domain allowed access. | No

kerberos_rw_config( domain )
Summary

Read and write the kerberos configuration file (/etc/krb5.conf).

Parameters
Parameter | Description | Optional
domain | Domain allowed access. | No

kerberos_use( domain )
Summary

Use kerberos services

Parameters
Parameter | Description | Optional
domain | Domain allowed access. | No
Templates:

kerberos_keytab_template( prefix , domain )
Summary

Create a derived type for kerberos keytab

Parameters
Parameter | Description | Optional
prefix | The prefix to be used for deriving type names. | No
domain | Domain allowed access. | No