Advanced features and testing tools
Test host-based access control rules to verify access decisions before deployment. HBAC test simulates authentication attempts and evaluates whether access would be granted based on current HBAC rules. Features include testing specific user, source host, target host, and service combinations with detailed output showing matched rules, unmatched rules, and access decisions.
Manage constrained delegation rules for Kerberos services (S4U2Proxy). Service delegation enables services to obtain tickets on behalf of users for accessing other services. Features include delegation rule creation, membership management for delegating and delegated services, and support for constrained delegation scenarios enabling secure service-to-service authentication on behalf of end users.
Manage subordinate UID and GID ranges for user namespaces in containers. Subordinate IDs enable unprivileged container usage by providing non-overlapping UID/GID ranges for container processes. Features include automatic range assignment, range generation, range statistics, and integration with container runtimes for secure, isolated container deployments without requiring privileged operations.