author: John Kohl <jtkohl@mit.edu> 1988-01-22 09:03:20 +0000
committer: John Kohl <jtkohl@mit.edu> 1988-01-22 09:03:20 +0000
commit: b801284674c20f71457a726a69df38d8cd114e39
tree: 42a1dec081699aada9f383c83a95c67350344150 /server/zephyrd.8
parent: 6167cb91c694897706c19c922133ff165a73f0ae
describe new acl scheme
Diffstat (limited to 'server/zephyrd.8')
-rw-r--r-- server/zephyrd.8 45
1 files changed, 33 insertions, 12 deletions
diff --git a/server/zephyrd.8 b/server/zephyrd.8
index b77f04c..0529cd1 100644
--- a/server/zephyrd.8
+++ b/server/zephyrd.8
@@ -32,19 +32,40 @@ The server then enters a dispatch loop, servicing requests from clients and
other servers.
.SH ACCESS CONTROL
Certain notice classes are restricted by the Zephyr server. Each such
-class has an access control list enumerating who may transmit or
-subscribe to that particular class.
+class has access control lists enumerating who may transmit (xmt-*.acl) or
+subscribe to that particular class. Subscriptions may be
+restricted either absolutely (sub-*.acl files), or by instance restrictions.
+iws-*.acl files control subscriptions to wildcarded instances.
+iui-*.acl files control subscriptions to instances which are not the
+Kerberos principal identity of the subscriber.
+If an access control list of a given type is absent, there is no
+restriction of that type on the class, except that any notices of the
+class must be authenticated.
+The class registry lists all classes which are restricted.
.SH FILES
-/usr/athena/lib/zephyr/sub-*.acl Access Control Lists for subscribing
-.br
-/usr/athena/lib/zephyr/xmt-*.acl Access Control Lists for transmitting
-.br
-/usr/athena/lib/zephyr/srvtab Kerberos Service keys
-.br
-/usr/athena/lib/zephyr/ztkts Current kerberos tickets for exchange with other servers
-.br
+.TP \w'/usr/athena/lib/zephyr/class-registry.acl'u+4n
+/usr/athena/lib/zephyr/class-registry.acl
+List of classes which are restricted
+.TP
+/usr/athena/lib/zephyr/iws-*.acl
+Access Control Lists for instance-wildcard restrictions
+.TP
+/usr/athena/lib/zephyr/iui-*.acl
+Access Control Lists for instance-identity restrictions
+.TP
+/usr/athena/lib/zephyr/sub-*.acl
+Access Control Lists for subscribing
+.TP
+/usr/athena/lib/zephyr/xmt-*.acl
+Access Control Lists for transmitting
+.TP
+/usr/athena/lib/zephyr/srvtab
+Kerberos Service keys
+.TP
+/usr/athena/lib/zephyr/ztkts
+Current kerberos tickets for exchange with other servers
.SH SEE ALSO
-zephyr(1), zhm(8), kerberos(?), hesiod(?)
+zephyr(1), zhm(8), kerberos(?), hesiod(?), access_control_lists(?)
.br
Athena Technical Plan, Sections E.4.1 (Zephyr Notification Service) and
E.2.1 (Kerberos Authentication and Authorization System)
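Review bot: The added sentence "If an access control list of a given type is absent, there is no restriction of that type on the class" documents a fail-open default in ACCESS CONTROL, but the paragraph never says what an operator should expect when a class appears in class-registry.acl and one of its xmt-, sub-, iws- or iui- files is missing or misnamed. As written, that case reads as silently unrestricted apart from authentication. Please state it explicitly, and say whether an empty file differs from an absent one. The iws-*.acl and iui-*.acl sentences also say only that the files "control" subscriptions. Spell out whether a listed principal is the one permitted to subscribe to wildcarded or non-identity instances, since the two readings give opposite policies. In SEE ALSO, access_control_lists(?) is the only pointer to the file format, so a one-line description of the entry syntax here, or a resolved section number, would let the page stand on its own.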
@@ -52,7 +73,7 @@ E.2.1 (Kerberos Authentication and Authorization System)
.PP
John T. Kohl, MIT Project Athena
.sp
-Copyright (c) 1987 by the Massachusetts Institute of Technology
+Copyright (c) 1987,1988 by the Massachusetts Institute of Technology
.br
See
.I zephyr(1)