Hi Kai,
I'm not convinced that the authorization data should be copied from TGT to
Service Ticket. For example, the JWT token could contain some roles
targeted at the KDC (via the audience of the token). Adding this data to
service tickets would mean that the roles only intended for the KDC could
Yes that's right.
Colm.
On Fri, Jul 15, 2016 at 2:08 AM, Li, Jiajia wrote:
> I think "remove the line in Extension.java to set critical " can solve
> this issue, is it right, @Colm?
>
> Regards,
> Jiajia
>
> -Original Message-
> From: Zheng, Kai
> Sent: Friday, July 15, 2016 6:30 AM
> T