diff options
| author |  John Kohl <jtkohl@mit.edu> | 1988-01-22 09:03:20 +0000 |
|---|---|---|
| committer | John Kohl <jtkohl@mit.edu> | 1988-01-22 09:03:20 +0000 |
| commit | b801284674c20f71457a726a69df38d8cd114e39 (patch) | |
| tree | 42a1dec081699aada9f383c83a95c67350344150 /server/zephyrd.8 | |
| parent | 6167cb91c694897706c19c922133ff165a73f0ae (diff) | |
describe new acl scheme
Diffstat (limited to 'server/zephyrd.8')
| -rw-r--r-- | server/zephyrd.8 | 45 |
1 files changed, 33 insertions, 12 deletions
diff --git a/server/zephyrd.8 b/server/zephyrd.8 index b77f04c..0529cd1 100644 --- a/server/zephyrd.8 +++ b/server/zephyrd.8 @@ -32,19 +32,40 @@ The server then enters a dispatch loop, servicing requests from clients and other servers. .SH ACCESS CONTROL Certain notice classes are restricted by the Zephyr server. Each such -class has an access control list enumerating who may transmit or -subscribe to that particular class. +class has access control lists enumerating who may transmit (xmt-*.acl) or +subscribe to that particular class. Subscriptions may be +restricted either absolutely (sub-*.acl files), or by instance restrictions. +iws-*.acl files control subscriptions to wildcarded instances. +iui-*.acl files control subscriptions to instances which are not the +Kerberos principal identity of the subscriber. +If an access control list of a given type is absent, there is no +restriction of that type on the class, except that any notices of the +class must be authenticated. +The class registry lists all classes which are restricted. .SH FILES -/usr/athena/lib/zephyr/sub-*.acl Access Control Lists for subscribing -.br -/usr/athena/lib/zephyr/xmt-*.acl Access Control Lists for transmitting -.br -/usr/athena/lib/zephyr/srvtab Kerberos Service keys -.br -/usr/athena/lib/zephyr/ztkts Current kerberos tickets for exchange with other servers -.br +.TP \w'/usr/athena/lib/zephyr/class-registry.acl'u+4n +/usr/athena/lib/zephyr/class-registry.acl +List of classes which are restricted +.TP +/usr/athena/lib/zephyr/iws-*.acl +Access Control Lists for instance-wildcard restrictions +.TP +/usr/athena/lib/zephyr/iui-*.acl +Access Control Lists for instance-identity restrictions +.TP +/usr/athena/lib/zephyr/sub-*.acl +Access Control Lists for subscribing +.TP +/usr/athena/lib/zephyr/xmt-*.acl +Access Control Lists for transmitting +.TP +/usr/athena/lib/zephyr/srvtab +Kerberos Service keys +.TP +/usr/athena/lib/zephyr/ztkts +Current kerberos tickets for exchange with other servers .SH SEE ALSO -zephyr(1), zhm(8), kerberos(?), hesiod(?) +zephyr(1), zhm(8), kerberos(?), hesiod(?), access_control_lists(?) .br Athena Technical Plan, Sections E.4.1 (Zephyr Notification Service) and E.2.1 (Kerberos Authentication and Authorization System) @@ -52,7 +73,7 @@ E.2.1 (Kerberos Authentication and Authorization System) .PP John T. Kohl, MIT Project Athena .sp -Copyright (c) 1987 by the Massachusetts Institute of Technology +Copyright (c) 1987,1988 by the Massachusetts Institute of Technology .br See .I zephyr(1) |