How can I prevent a user principal from accessing a kerberoizedservice/host? - Kerberos

This is a discussion on How can I prevent a user principal from accessing a kerberoizedservice/host? - Kerberos ; I use MIT Kerberos 5 & OpenLDAP to manage my network users. I can login successfully to all machines using my Kerberos principal. I need to create a limited account that is able to access only a few hosts/services not ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: How can I prevent a user principal from accessing a kerberoizedservice/host?

  1. How can I prevent a user principal from accessing a kerberoizedservice/host?


    I use MIT Kerberos 5 & OpenLDAP to manage my network users. I can login successfully to all machines using my Kerberos principal. I need to create a limited account that is able to access only a few hosts/services not all machines/services. How can I do this?

    Thank you

    Amir

    __________________________________________________ _______________
    Invite your mail contacts to join your friends list with Windows Live Spaces. It's easy!
    http://spaces.live.com/spacesapi.asp...aspx&mkt=en-us

  2. Re: How can I prevent a user principal from accessing a kerberoizedservice/host?

    In article ,
    Amir Saad wrote:

    >I use MIT Kerberos 5 & OpenLDAP to manage my network users. I can login
    >successfully to all machines using my Kerberos principal. I need to
    >create a limited account that is able to access only a few
    >hosts/services not all machines/services. How can I do this?


    You use whatever access-control mechanisms are provided by those
    services. Kerberos is an authentication protocol, not an
    authorization service.

    -GAWollman

    --
    Garrett A. Wollman | The real tragedy of human existence is not that we are
    wollman@csail.mit.edu| nasty by nature, but that a cruel structural asymmetry
    Opinions not those | grants to rare events of meanness such power to shape
    of MIT or CSAIL. | our history. - S.J. Gould, Ten Thousand Acts of Kindness

+ Reply to Thread