[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#946797: debian-edu-config: kadm5.acl should set proper rights for users

>> >  root/admin@INTERN *
>> > -*@INTERN cil
>> > +*@INTERN Cil
>> >  */*@INTERN i
>> >  EOF
>> >      chmod 644 /etc/krb5kdc/kadm5.acl
>> Why not just remove that line?
>The only line needed is: root/admin@INTERN *
>Intention is to fix the bug, but keep the change as minimal as

Then it should be CIl in my opinion. Listing principals is the same as getent passwd, so no additional leaks here. The i ACL allows tracking other users' use of the network. It is thus part of the bug.

Reply to: