[krbdev.mit.edu #8761] ksu doesn't allow acquisition of non-forwardable tickets
If a principal has the DISALLOW_FORWARDABLE attribute in the KDC, but
/etc/krb5.conf has forwardable = true, then it is impossible to obtain
a ticket using ksu ("KDC policy rejects request while getting initial
Would you be interested in a patch to implement a -F option (in the same
way as kinit) to explicitly request a non-forwardable ticket?
School of Informatics
University of Edinburgh
The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.