On 03/13/2013 01:17 PM, Simo Sorce wrote:
> On Wed, 2013-03-13 at 12:41 +0000, Dale Macartney wrote:
>> chown root:mail /etc/postfix/smtp.keytab
>> chmod 644 /etc/postfix/smtp.keytab
>>
> NEVER ever use 644 on a keytab file.
>
> A keytab is like a password; if you make it accessible to everybody on a
> system you gave it up.
>
> Sorry to be harsh but I want to make it very clear for our users that
> keytabs are *secrets* and should *never* be made available to the whole
> system. It is exactly like putting a password in the clear in a file and
> making it accessible to everyone.
>
> In your case I guess you want to use 660 or 640.
Thanks for pointing out the typo. 640 is usual practice as the services
only need read access to the keytab.
>
>
> Simo.
>

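The permission check from this exchange, written as a script (an added example, not part of the original messages): it fails any keytab whose mode grants access to "other", such as the 644 quoted above, and accepts 640 or 660. The function names are hypothetical, GNU coreutils stat(1) is assumed, and the demo file is a constructed empty stand-in.

```sh
#!/bin/sh
# Added example (not from the thread): flag keytabs accessible beyond owner/group.
# Assumes GNU coreutils stat(1); function names are hypothetical.

# keytab_mode_verdict OCTAL_MODE
# Prints a verdict; returns 0 if no "other" permission bits are set, else 1.
keytab_mode_verdict() {
    m=$(( 0$1 ))                       # leading 0 => value is parsed as octal
    if [ $(( m & 07 )) -ne 0 ]; then
        echo "FAIL: mode $1 gives access to every local user"
        return 1
    fi
    if [ $(( m & 020 )) -ne 0 ]; then
        echo "OK: mode $1 (group-writable; services only need read)"
    else
        echo "OK: mode $1"
    fi
    return 0
}

# audit_keytab FILE
# Prints FILE with its owner:group and verdict; returns the verdict's status,
# or 2 if FILE is not a regular file or cannot be inspected.
audit_keytab() {
    [ -f "$1" ] || { echo "SKIP: $1 is not a regular file"; return 2; }
    mode=$(stat -c '%a' "$1") || return 2
    owner=$(stat -c '%U:%G' "$1") || return 2
    printf '%s (%s): ' "$1" "$owner"
    keytab_mode_verdict "$mode"
}

# Demo on a constructed, empty stand-in file (not a real keytab).
demo_dir=$(mktemp -d)
demo=$demo_dir/smtp.keytab
: > "$demo"
chmod 644 "$demo"; audit_keytab "$demo" || true   # FAIL
chmod 640 "$demo"; audit_keytab "$demo" || true   # OK
rm -rf "$demo_dir"
```

The non-zero return status on failure lets the check run from a configuration-management or monitoring job against the real keytab paths on a host.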

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users