* Russ Allbery [2007-03-16 15:11:20 -0700]:
Jeff is talking about additional functionality that several of us would
like to add to the Kerberos KDC that lets you create a new key (and hence
a keytab and hence pre-populate the KeyFile) without having the KDC
immediately start using it for
Sergio Gelato wrote:
* Russ Allbery [2007-03-16 15:11:20 -0700]:
Jeff is talking about additional functionality that several of us would
like to add to the Kerberos KDC that lets you create a new key (and hence
a keytab and hence pre-populate the KeyFile) without having the KDC
immediately
On Mar 17, 2007, at 08:48, Jeffrey Altman wrote:
Sergio Gelato wrote:
* Russ Allbery [2007-03-16 15:11:20 -0700]:
Jeff is talking about additional functionality that several of us
would
like to add to the Kerberos KDC that lets you create a new key
(and hence
a keytab and hence
Related question: if a given process has a PAG, is it possible for it
to spawn a process with no PAG (ie tokens get associated to the
userid, not a PAG)?
- a
Derrick J Brashear [EMAIL PROTECTED] writes:
Not currently
On Fri, 16 Mar 2007, Adam Megacz wrote:
Is there any option for the
Sergio Gelato [EMAIL PROTECTED] writes:
Out of curiosity, is AFS the only intended application for this?
It seems to me that the day AFS will finally use standard Kerberos 5
keytabs and per-server principals the problem will be much milder.
Granted, one may not want to wait that long.
No, it
Adam Megacz [EMAIL PROTECTED] writes:
Related question: if a given process has a PAG, is it possible for it to
spawn a process with no PAG (ie tokens get associated to the userid,
not a PAG)?
No. This is bug #3828 in RT.
--
Russ Allbery ([EMAIL PROTECTED])