Hi Russ, thanks a lot for mentioning this. Putting forwardable = true in [libdefaults] just works like a charm :-)
Kind regards,
Holger
On Thu, 10 Dec 2009, Russ Allbery wrote:
> Holger Rauch <[email protected]> writes:
>
> > thanks for pointing this out. Indeed, that was the problem. What I
> > don't understand is that even though I have
>
> > forwardable = true
>
> > in both pam and kinit sections within [appdefaults] in my
> > /etc/krb5.conf, I still have to explicitly specify "kinit -f" in order
> > to get forwardable tickets. Any idea why? (I admit that this is sort of
> > OT and no really OpenAFS but rather Kerberos related).
>
> MIT Kerberos doesn't pay any attention to the [appdefaults] section for
> kinit. My PAM module pays attention to forwardable in the [appdefaults]
> section, but I'm not sure if the Red Hat version does.
>
> Putting forwardable = true in [libdefaults] configures the underlying
> Kerberos libraries and therefore tends to affect everything.
>
> --
> Russ Allbery ([email protected]) <http://www.eyrie.org/~eagle/>
--
=========================================
Holger Rauch
Entwicklung Anwendungs-Software
Systemadministration UNIX
Tel.: +49 / 9131 / 877 - 141
Fax: +49 / 9131 / 877 - 266
Email: [email protected]
=========================================
signature.asc
Description: Digital signature
