Hmm, yeah, I can't get tickets to a service with -allow_tix on it. I'll have to look into why if that's supposed to work, I made a couple modifications to my KDC in this area a while back.
Chris On Mon, Jan 8, 2018 at 20:24 Chris Hecker <[email protected]> wrote: > > Ah, I assumed that was symmetric for some reason. I obviously need to be > able to get tickets for these services. Not sure why I thought that. I'll > check it out, thanks! > > Chris > > > On Mon, Jan 8, 2018 at 20:15 Russ Allbery <[email protected]> wrote: > >> Chris Hecker <[email protected]> writes: >> >> > Ah. Is there any way to prevent a service princ from being able to get >> > tickets? >> >> > As in, if one of my service keytabs is compromised, can I prevent those >> > princs from being used like a normal user princ? >> >> I think you want -allow_tix. >> >> -- >> Russ Allbery ([email protected]) <http://www.eyrie.org/~eagle/ >> > >> > ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
