Simo Sorce wrote:

If pkinit is configured anonymous tickets can be obtained.
To avoid impacting badly written applications that consider successful
authentication also implicit authorization, by default restrict
anonymous ticket to only be able to the TGTs. This is sufficient to
make FAST working with pkinit but will block any other usage unless the
admin explicitly decides to allow it by changing the kdc.conf file.

Ticket #432



Freeipa-devel mailing list

Reply via email to