Documentation of principal attributes

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Documentation of principal attributes

Adam Lewenberg
I am looking for documentation on the attributes that can be set on a
principal. The only thing I could find is page 233 of Jason Garman's
"Kerberos: The Definitive Guide" from 2003.

The kadmin page *lists* the attributes, but is there a man page or
Heimdal document page that *describes* what each attribute does and how
it affects the principal?

Thanks, Adam Lewenberg

Reply | Threaded
Open this post in threaded view
|

Re: Documentation of principal attributes

Henry B (Hank) Hotz, CISSP-2
AFAIK no. Most are obvious-ish: disallow all, the client and server ones. The hardware preauth one is just a placeholder for unimplemented functionality. JPL never made much use of them.

The ok as delegate one could be important for AD interoperability if you do a HTTP-Negotiate with web servers.

That’s just off the top of my head.

> On Feb 17, 2017, at 3:30 PM, Adam Lewenberg <[hidden email]> wrote:
>
> I am looking for documentation on the attributes that can be set on a principal. The only thing I could find is page 233 of Jason Garman's "Kerberos: The Definitive Guide" from 2003.
>
> The kadmin page *lists* the attributes, but is there a man page or Heimdal document page that *describes* what each attribute does and how it affects the principal?
>
> Thanks, Adam Lewenberg
>

Personal email.  [hidden email]