Package: debian-edu-config
Version: 1.812+deb8u1
Severity: important

To improve security, settings in kadm5.acl should be adjusted.

The needed fix is minimal:

--- a/share/debian-edu-config/tools/kerberos-kdc-init
+++ b/share/debian-edu-config/tools/kerberos-kdc-init
@@ -187,7 +187,7 @@ EOF
     if [ ! -f /etc/krb5kdc/kadm5.acl ] ; then
        cat > /etc/krb5kdc/kadm5.acl <<EOF
 root/admin@INTERN *
-*@INTERN cil
+*@INTERN Cil
 */*@INTERN i
 EOF
     chmod 644 /etc/krb5kdc/kadm5.acl
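Review bot: on the `*@INTERN` line the whole fix is a one-character case change, and nothing in the script says what it means. In kadm5.acl an uppercase letter denies the permission its lowercase form grants, so `Cil` withdraws change-password from ordinary principals while leaving inquire and list in place. A short comment above the heredoc stating that would keep a later edit from switching it back to lowercase. This branch also only runs when `/etc/krb5kdc/kadm5.acl` does not exist, so it has no effect on installations that already have the file.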

Thanks to Andreas B. Mundt for the hint.

Also, /etc/krb5kdc/kadm5.acl should be fixed accordingly upon upgrades
by adding something like this to debian-edu-config.postinst:

[configure case]
     fi
+
+    # Set proper rights for users.
+    if [ -f /etc/krb5kdc/kadm5.acl ] ; then
+        sed -i 's/cil/Cil/' /etc/krb5kdc/kadm5.acl
+    fi
     ;;
 esac
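Review bot: the `sed -i 's/cil/Cil/'` expression in the added block is not anchored, so it rewrites the first `cil` on every line of the file, including one inside a principal name or in a permission string an administrator has customised. Restrict it to the exact line the init script wrote, for example `sed -i 's/^\*@INTERN cil$/*@INTERN Cil/'`, so that other entries are left alone.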

Wolfgang
