[19006] in Kerberos
Re: preauth
daemon@ATHENA.MIT.EDU (Sam Hartman)
Thu Apr 3 10:16:23 2003
To: yo timo <bacolod85@yahoo.com>
From: Sam Hartman <hartmans@MIT.EDU>
Date: Thu, 03 Apr 2003 10:12:16 -0500
In-Reply-To: <20030403143637.78428.qmail@web13309.mail.yahoo.com> (yo timo's
message of "Thu, 3 Apr 2003 06:36:37 -0800 (PST)")
Message-ID: <87el4jipin.fsf@luminous.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
cc: kerberos@mit.edu
Errors-To: kerberos-bounces@mit.edu
>>>>> "yo" == yo timo <bacolod85@yahoo.com> writes:
yo> If I set: 'default_principal_flags = +preauth' in kdc.conf
yo> thereby requireing preauth for all principals created
yo> thereafter will this interfere with host principals
yo> functionality in any way?
It should not under most circumstances.
It may create problems for existing client principals. The MIT code
has a dubious feature that preauth_required on a server principal
means that clients authenticating to that principal must be
preauthenticated. This may prevent previously existing client
principals from easily connecting to new services.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
