[krbdev.mit.edu #8761] ksu doesn't allow acquisition of non-forwardable tickets

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

[krbdev.mit.edu #8761] ksu doesn't allow acquisition of non-forwardable tickets

Greg Hudson via RT-2
A ksu -F option seems reasonable, since it already has a -f option.  
Adding a -P option at the same time for symmetry seems appropriate,
although I don't think proxiable tickets are used with any frequency.

Ticket 7871 would also address this problem on the KDC side.  (But the
client changes are still valuable due to existing KDCs and other KDC
implementations.)
_______________________________________________
krb5-bugs mailing list
[hidden email]
https://mailman.mit.edu/mailman/listinfo/krb5-bugs
Reply | Threaded
Open this post in threaded view
|

Re: [krbdev.mit.edu #8761] ksu doesn't allow acquisition of non-forwardable tickets

Greg Hudson via RT-2
> On 13 Nov 2018, at 16:57, Greg Hudson via RT <[hidden email]> wrote:
>
> A ksu -F option seems reasonable, since it already has a -f option.  
> Adding a -P option at the same time for symmetry seems appropriate,
> although I don't think proxiable tickets are used with any frequency.
>
> Ticket 7871 would also address this problem on the KDC side.  (But the
> client changes are still valuable due to existing KDCs and other KDC
> implementations.)

Thanks Greg.

A KDC side option would be preferred by us, as it's a lot easier to patch
the KDCs than all the clients, but as you say, fixing ksu in this way
would also be desirable.

Cheers
Toby


--
The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.


_______________________________________________
krb5-bugs mailing list
[hidden email]
https://mailman.mit.edu/mailman/listinfo/krb5-bugs