[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#946797: debian-edu-config: kadm5.acl should set proper rights for users

>> >  root/admin@INTERN *
>> > -*@INTERN cil
>> > +*@INTERN Cil
>> >  */*@INTERN i
>> >  EOF
>> >      chmod 644 /etc/krb5kdc/kadm5.acl
>> 
>> Why not just remove that line?
>
>The only line needed is: root/admin@INTERN *
>Intention is to fix the bug, but keep the change as minimal as
>possible.

Then it should be CIl in my opinion. Listing principals is the same as getent passwd, so no additional leaks here. The i ACL allows tracking other users' use of the network. It is thus part of the bug.
Reply to: