[krbdev.mit.edu #8761] ksu doesn't allow acquisition of non-forwardable tickets

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

[krbdev.mit.edu #8761] ksu doesn't allow acquisition of non-forwardable tickets

Greg Hudson via RT-2
Hi,

If a principal has the DISALLOW_FORWARDABLE attribute in the KDC, but
/etc/krb5.conf has forwardable = true, then it is impossible to obtain
a ticket using ksu ("KDC policy rejects request while getting initial
credentials").

Would you be interested in a patch to implement a -F option (in the same
way as kinit) to explicitly request a non-forwardable ticket?

Cheers
Toby Blake
School of Informatics
University of Edinburgh


--
The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.


_______________________________________________
krb5-bugs mailing list
[hidden email]
https://mailman.mit.edu/mailman/listinfo/krb5-bugs