--On Wednesday, June 18, 2008 04:54:04 PM -0400 Ken Raeburn
<[EMAIL PROTECTED]> wrote:
> On Jun 18, 2008, at 16:33, Jeffrey Altman wrote:
>> I believe that the meaning of allow_tix should be altered such that
>> it only applies to the client
>> in a TGS or AS request. This would permit -allow_ti
Klaus Heinrich Kiwi wrote:
On Wed, 2008-06-18 at 16:54 -0400, Ken Raeburn wrote:
I think it should be pointed out that such a change would allow
tickets to start being issued where currently they would not when the
KDC software gets updated -- even if the latter really was the intent
of the
On Wed, 2008-06-18 at 16:54 -0400, Ken Raeburn wrote:
> I think it should be pointed out that such a change would allow
> tickets to start being issued where currently they would not when the
> KDC software gets updated -- even if the latter really was the intent
> of the realm administrator.
On Wed, Jun 18, 2008 at 04:54:04PM -0400, Ken Raeburn wrote:
> On Jun 18, 2008, at 16:33, Jeffrey Altman wrote:
> > I believe that the meaning of allow_tix should be altered such that
> > it only applies to the client
> > in a TGS or AS request. This would permit -allow_tix to be applied
> > t
On Jun 18, 2008, at 16:33, Jeffrey Altman wrote:
> I believe that the meaning of allow_tix should be altered such that
> it only applies to the client
> in a TGS or AS request. This would permit -allow_tix to be applied
> to a service principal
> and ensure that no client ticket requests can b
I apologize for the cross-posting but I believe that in order for this
proposal
receive adequate feedback that it must be discussed among both the MIT
Kerberos
administrator and MIT Kerberos Developer communities.
In the current implementation of the MIT KDC there are two principal policy
flags