unbound.ssl.policy revision 11814:76b64929271b
1grant { 2 permission java.util.PropertyPermission "*", "read,write"; 3 permission java.net.SocketPermission "*:*", "listen,resolve,accept,connect"; 4 permission java.io.FilePermission "*", "read,write,delete"; 5 permission java.lang.RuntimePermission "accessDeclaredMembers"; 6 permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; 7 permission java.lang.RuntimePermission "accessClassInPackage.*"; 8 permission javax.security.auth.AuthPermission "doAs"; 9 permission javax.security.auth.AuthPermission "getSubject"; 10 permission javax.security.auth.AuthPermission 11 "createLoginContext.server_star"; 12 permission javax.security.auth.AuthPermission 13 "createLoginContext.server_multiple_principals"; 14 permission javax.security.auth.AuthPermission "modifyPrincipals"; 15 permission javax.security.auth.PrivateCredentialPermission "javax.security.auth.kerberos.KeyTab java.security.Principal \"krb5.keytab.data\"", "read"; 16 17 // clients have a permission to use all service principals 18 permission javax.security.auth.kerberos.ServicePermission "*", "initiate"; 19 20 // server has a service permission 21 // to accept only service1 and service3 principals 22 permission javax.security.auth.kerberos.ServicePermission 23 "host/service1.localhost@TEST.REALM", "accept"; 24 permission javax.security.auth.kerberos.ServicePermission 25 "host/service3.localhost@TEST.REALM", "accept"; 26}; 27