Simo Sorce wrote:
If pkinit is configured anonymous tickets can be obtained. To avoid impacting badly written applications that consider successful authentication also implicit authorization, by default restrict anonymous ticket to only be able to the TGTs. This is sufficient to make FAST working with pkinit but will block any other usage unless the admin explicitly decides to allow it by changing the kdc.conf file. Ticket #432 Simo.
ack _______________________________________________ Freeipa-devel mailing list Freeipaemail@example.com https://www.redhat.com/mailman/listinfo/freeipa-devel