Blame man/man8/kerberos_selinux.8
Branch: 49317e6b497d7ee3d53ed38d0e182430acaa8e32
Chris PeBenito
bf080a
.TH "kerberos_selinux" "8" "17 Jan 2005" "dwalsh@redhat.com" "kerberos Selinux Policy documentation"
Chris PeBenito
bf080a
.SH "NAME"
Chris PeBenito
bf080a
kerberos_selinux \- Security Enhanced Linux Policy for Kerberos.
Chris PeBenito
bf080a
.SH "DESCRIPTION"
Chris PeBenito
bf080a
Chris PeBenito
bf080a
Security-Enhanced Linux secures the system via flexible mandatory access
Chris PeBenito
bf080a
control. By default Kerberos access is not allowed, since it requires daemons to be allowed greater access to certain secure files and addtional access to the network.
Chris PeBenito
bf080a
.SH BOOLEANS
Chris PeBenito
bf080a
.TP
Chris PeBenito
bf080a
You must set the allow_kerberos boolean to allow your system to work properly in a Kerberos environment.
Chris PeBenito
bf080a
.TP
Chris PeBenito
bf080a
setsebool -P allow_kerberos 1
Chris PeBenito
bf080a
.TP
Chris PeBenito
bf080a
If you are running Kerberos daemons kadmind or krb5kdc you can disable the SELinux protection on these daemons by setting the krb5kdc_disable_trans and kadmind_disable_trans booleans.
Chris PeBenito
bf080a
.br
Chris PeBenito
bf080a
Chris PeBenito
bf080a
setsebool -P krb5kdc_disable_trans 1
Chris PeBenito
bf080a
.br
Chris PeBenito
bf080a
service krb5kdc restart
Chris PeBenito
bf080a
.br
Chris PeBenito
bf080a
setsebool -P kadmind_disable_trans booleans 1
Chris PeBenito
bf080a
.br
Chris PeBenito
bf080a
service kadmind restart
Chris PeBenito
bf080a
Chris PeBenito
bf080a
.TP
Chris PeBenito
bf080a
system-config-securitylevel is a GUI tool available to customize SELinux policy settings.
Chris PeBenito
bf080a
.SH AUTHOR
Chris PeBenito
bf080a
This manual page was written by Dan Walsh <dwalsh@redhat.com>.
Chris PeBenito
bf080a
Chris PeBenito
bf080a
.SH "SEE ALSO"
Chris PeBenito
bf080a
selinux(8), kerberos(1), chcon(1), setsebool(8)