[29990] in Kerberos
Re: Proposal to change the meaning of -allow_tix +allow_svr aka
daemon@ATHENA.MIT.EDU (Klaus Heinrich Kiwi)
Thu Jun 19 09:18:12 2008
From: Klaus Heinrich Kiwi <klausk@linux.vnet.ibm.com>
To: Ken Raeburn <raeburn@MIT.EDU>
In-Reply-To: <BC4966C7-0FEC-4975-9AE0-CAD1161A06C7@mit.edu>
Date: Thu, 19 Jun 2008 10:16:16 -0300
Message-Id: <1213881376.17827.101.camel@klausk.br.ibm.com>
Mime-Version: 1.0
Cc: "krbdev@mit.edu List" <krbdev@MIT.EDU>,
Kerberos mailing list list <kerberos@MIT.EDU>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@MIT.EDU
On Wed, 2008-06-18 at 16:54 -0400, Ken Raeburn wrote:
> I think it should be pointed out that such a change would allow
> tickets to start being issued where currently they would not when the
> KDC software gets updated -- even if the latter really was the intent
> of the realm administrator. Because of that, we might instead want to
> create a new flag with the semantics Jeff wants, and leave the
> existing flag with its current (suboptimal) behavior.
Sorry if this question sounds silly, but how much of both these
solutions are implementation specific? Wouldn't such a change require
changes to the current RFC?
-Klaus
--
Klaus Heinrich Kiwi <klausk@linux.vnet.ibm.com>
Linux Security Development, IBM Linux Technology Center
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
