[Freeipa-users] Postfix and FreeIPA in a secure setup
Simo Sorce
simo at redhat.com
Wed Mar 13 13:17:48 UTC 2013
On Wed, 2013-03-13 at 12:41 +0000, Dale Macartney wrote:
> chown root:mail /etc/postfix/smtp.keytab
> chmod 644 /etc/postfix/smtp.keytab
>
NEVER ever use 644 on a keytab file.
A keytab is like a password, if you make it accessible to everybody on a
system you gave it up.
Sorry to be harsh but I want to make it very clear for our uses that
keytabs are *secrets* and should *never* be made available to the whole
system, It is exactly like putting a password in the clear in a file and
making it accessible to everyone.
In your case I guess you want to use 660 or 640.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
More information about the Freeipa-users
mailing list