Package: debian-edu-config Version: 1.812+deb8u1 Severity: important To improve security, settings in kadm5.acl should be adjusted. The needed fix is minimal: --- a/share/debian-edu-config/tools/kerberos-kdc-init +++ b/share/debian-edu-config/tools/kerberos-kdc-init @@ -187,7 +187,7 @@ EOF if [ ! -f /etc/krb5kdc/kadm5.acl ] ; then cat > /etc/krb5kdc/kadm5.acl <<EOF root/admin@INTERN * -*@INTERN cil +*@INTERN Cil */*@INTERN i EOF chmod 644 /etc/krb5kdc/kadm5.acl Thanks to Andreas B. Mundt for the hint. Also, /etc/krb5kdc/kadm5.acl should be fixed accordingly upon upgrades by adding something like this to debian-edu-config.postinst: [configure case] fi + + # Set proper rights for users. + if [ -f /etc/krb5kdc/kadm5.acl ] ; then + sed -i 's/cil/Cil/' /etc/krb5kdc/kadm5.acl + fi ;; esac Wolfgang
Attachment:
signature.asc
Description: PGP signature