>>>>> "Nicolas" == Nicolas Williams <[EMAIL PROTECTED]> writes:
Nicolas> On Mon, Feb 04, 2002 at 02:21:43PM -0800, Booker C. Bense
Nicolas> wrote:
>> On Mon, 4 Feb 2002, Nicolas Williams wrote:
>>
>> > On Mon, Feb 04, 2002 at 08:12:20PM +0000, Paul Jakma wrote: >
>> > and thanks everyone for setting straight re: the idea of
>> ticket ACL's. > > :) > > Actually, I think that it would be a
>> good thing if there were an > authorization data type for
>> packing ticket ACLs (i.e., princ name > patterns) into
>> forwarded TGTs. The idea being that you could forward a > TGT
>> that is crippled and allows the receiver of it to get tickets
>> in > your name to only a few services.
>>
>> - I believe this is a "proxiable ticket". As far as I know
>> these exist only in theory, I have yet to find an application
>> that uses them.
Nicolas> A proxied ticket is just like a forwarded ticket, but the
Nicolas> former is a service ticket whereas the latter is a TGT.
But it seems you colud use proxy tickets to get what you want.
