[28785] in Kerberos


Re: How can I prevent a user principal from accessing a kerberoized

daemon@ATHENA.MIT.EDU (Garrett Wollman)
Sun Nov 25 13:45:12 2007

From: wollman@bimajority.org (Garrett Wollman)
Date: Sun, 25 Nov 2007 18:35:08 +0000 (UTC)
Message-ID: <ficf8s$2db$1@grapevine.csail.mit.edu>
X-Complaints-To: security@csail.mit.edu
To: kerberos@mit.edu

In article <mailman.2.1195976449.11331.kerberos@mit.edu>,
Amir Saad  <eng__amir@hotmail.com> wrote:

>I use MIT Kerberos 5 & OpenLDAP to manage my network users. I can log in
>successfully to all machines using my Kerberos principal. I need to
>create a limited account that is able to access only a few
>hosts/services not all machines/services. How can I do this? 

You use whatever access-control mechanisms are provided by those
services.  Kerberos is an authentication protocol, not an
authorization service.

-GAWollman

-- 
Garrett A. Wollman   | The real tragedy of human existence is not that we are
wollman@csail.mit.edu| nasty by nature, but that a cruel structural asymmetry
Opinions not those   | grants to rare events of meanness such power to shape
of MIT or CSAIL.     | our history. - S.J. Gould, Ten Thousand Acts of Kindness
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
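
Added example, not part of the original message: a service-side authorization check applied after Kerberos has authenticated the principal, using a simplified model of the per-account .k5login allowlist that MIT Kerberos login services consult. The realm, host names, principals and the helper names are constructed for illustration.

```python
# Added example: authorization is decided by each service/host, after
# Kerberos has already proven who the principal is.
DEFAULT_REALM = "EXAMPLE.COM"  # constructed realm, not from the post

# Constructed sample: allowlist content for the local account "deploy"
# on three hosts. None means the account has no allowlist file there.
HOST_ALLOWLISTS = {
    "build1": "alice@EXAMPLE.COM\nlimited@EXAMPLE.COM\n",
    "db1": "alice@EXAMPLE.COM\n",
    "scratch": None,
}


def parse_k5login(text):
    """Return the principals listed one per line; blank lines are ignored."""
    return {line.strip() for line in text.splitlines() if line.strip()}


def may_access(principal, local_user, k5login_text=None, realm=DEFAULT_REALM):
    """Decide whether an authenticated principal may use local_user here.

    Simplified model: if an allowlist exists, only the principals it names
    are authorized; otherwise only local_user@realm is.
    """
    if k5login_text is not None:
        return principal in parse_k5login(k5login_text)
    name, sep, princ_realm = principal.rpartition("@")
    return sep == "@" and princ_realm == realm and name == local_user


def hosts_allowed(principal, local_user, allowlists=HOST_ALLOWLISTS):
    """List the hosts whose own policy admits this principal."""
    return sorted(
        host for host, text in allowlists.items()
        if may_access(principal, local_user, text)
    )


if __name__ == "__main__":
    for who in ("alice@EXAMPLE.COM", "limited@EXAMPLE.COM", "deploy@EXAMPLE.COM"):
        print(who, "->", hosts_allowed(who, "deploy"))
```

All three principals hold equally valid tickets; the difference in reach comes only from what each host's policy lists.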
