From 34bd4abba82885bb74361d8af0ac6bb7e708c498 Mon Sep 17 00:00:00 2001
From: Russ Allbery
Date: Wed, 13 Sep 2006 23:55:24 +0000
Subject: Add the config stubs for the keytab-backend program.
---
config/allow-extract | 5 +++++
config/keytab | 6 ++++++
config/keytab.acl | 6 ++++++
3 files changed, 17 insertions(+)
create mode 100644 config/allow-extract
create mode 100644 config/keytab
create mode 100644 config/keytab.acl
(limited to 'config')
diff --git a/config/allow-extract b/config/allow-extract
new file mode 100644
index 0000000..824a9b8
--- /dev/null
+++ b/config/allow-extract
@@ -0,0 +1,5 @@
+# /etc/krb5kdc/allow-extract -- List of principals for keytab retrieval.
+#
+# Any principal matching a regular expression in this file will be
+# eligible for keytab retrieval through keytab-backend. Be careful to
+# anchor the regular expressions and include realm information if needed.
diff --git a/config/keytab b/config/keytab
new file mode 100644
index 0000000..8446866
--- /dev/null
+++ b/config/keytab
@@ -0,0 +1,6 @@
+# /etc/remctl/conf.d/keytab -- Run keytab-backend for keytab retrieval.
+#
+# This is a remctld configuration fragment to run kdc-backend to permit
+# remote retrieval of certain keytabs.
+
+keytab retrieve /usr/sbin/kdc-backend /etc/remctl/acl/keytab
diff --git a/config/keytab.acl b/config/keytab.acl
new file mode 100644
index 0000000..c55ae46
--- /dev/null
+++ b/config/keytab.acl
@@ -0,0 +1,6 @@
+# /etc/remctl/acl/keytab -- ACL for keytab retrieval.
+#
+# This is the ACL controlling who can retrieve keytabs for the existing
+# keys of principals matching lines in /etc/krb5kdc/allow-extract. It
+# usually should only contain one principal, the principal of the wallet
+# server.
-- 
cgit v1.2.3
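Review bot: config/allow-extract tells the administrator to anchor the expressions and include the realm but ships no sample entry, so the first pattern written is the one most likely to be unanchored and match more principals than intended. A commented, constructed sample would make the expected form concrete, for example `# ^host/[^/@]+\.example\.org@EXAMPLE\.ORG$   (example only, adjust to your realm)`. The regular-expression dialect keytab-backend applies is not visible in this patch, so the sample should be checked against it before it is committed.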
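Review bot: The command line in config/keytab runs `/usr/sbin/kdc-backend`, and the description comment says "run kdc-backend", while the file's own first line and the commit subject name the program keytab-backend. The install path of the binary is not visible here, but if it is installed as keytab-backend, remctld would be pointed at a missing or unrelated executable. In that case the line should read `keytab retrieve /usr/sbin/keytab-backend /etc/remctl/acl/keytab` and the comment `# This is a remctld configuration fragment to run keytab-backend to permit`.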
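Review bot: The header of config/keytab.acl says who belongs in the ACL but not what being listed grants, which is the ability to download the existing keys of every principal matching allow-extract. Saying so, together with the expected file ownership, would make the risk of a stray entry obvious to whoever edits it. A suitable addition is `# Anyone listed here can obtain the current keys of every principal matching allow-extract; keep this file root-owned and not group- or world-writable.`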