How can I prevent a user principal from accessing a kerberized service/host?
I use MIT Kerberos 5 & OpenLDAP to manage my network users. I can log in successfully to all machines using my Kerberos principal. I need to create a limited account that is able to access only a few hosts/services, not all machines/services. How can I do this?
Thank you
Amir
Re: How can I prevent a user principal from accessing a kerberized service/host?
In article <mailman.2.1195976449.11331.kerberos@mit.edu>,
Amir Saad <eng__amir@hotmail.com> wrote:
>I use MIT Kerberos 5 & OpenLDAP to manage my network users. I can log in
>successfully to all machines using my Kerberos principal. I need to
>create a limited account that is able to access only a few
>hosts/services, not all machines/services. How can I do this?
You use whatever access-control mechanisms are provided by those
services. Kerberos is an authentication protocol, not an
authorization service.
-GAWollman
--
Garrett A. Wollman | The real tragedy of human existence is not that we are
wollman@csail.mit.edu | nasty by nature, but that a cruel structural asymmetry
Opinions not those | grants to rare events of meanness such power to shape
of MIT or CSAIL. | our history. - S.J. Gould, Ten Thousand Acts of Kindness
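One way to apply the advice in the reply above, as an added example that is not part of the original thread: per-host authorization enforced by the login service itself, after Kerberos has authenticated the user. It assumes Linux hosts running OpenSSH with Linux-PAM and its pam_access module; the account name `limited` and the group `admins` (resolved through the OpenLDAP directory) are hypothetical.

```conf
# --- /etc/ssh/sshd_config (every host) ---
# Run the PAM account stack even when the user authenticated with a
# Kerberos ticket (GSSAPI), so the access rules below are always applied.
UsePAM yes

# --- /etc/pam.d/sshd (every host) ---
# Authorization step: consult /etc/security/access.conf for this login.
account  required  pam_access.so

# --- /etc/security/access.conf on a host the limited account MAY use ---
# Format is  permission : users/groups : origins ; the first match wins.
+ : root (admins) limited : ALL
- : ALL : ALL

# --- /etc/security/access.conf on every OTHER host ---
# "limited" still holds a valid Kerberos ticket and can obtain a service
# ticket for this host, but the account check rejects the session.
+ : root (admins) : ALL
- : ALL : ALL
```

The KDC still issues service tickets for every host to the limited principal; the denial happens on each host, so the allow-list has to be deployed wherever that account must be kept out.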