[37810] in Kerberos
Re: krbTicketFlags=0 or absent
daemon@ATHENA.MIT.EDU (Greg Hudson)
Tue Dec 6 13:23:43 2016
To: =?UTF-8?Q?Michael_Str=c3=b6der?= <michael@stroeder.com>,
kerberos <kerberos@mit.edu>
From: Greg Hudson <ghudson@mit.edu>
Message-ID: <b4fad733-e109-37f6-32f1-a9a8536843a2@mit.edu>
Date: Tue, 6 Dec 2016 13:23:23 -0500
MIME-Version: 1.0
In-Reply-To: <49db9042-5653-ad10-5c39-42104d967218@stroeder.com>
Content-Type: text/plain; charset="windows-1252"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit
On 12/06/2016 11:24 AM, Michael Ströder wrote:
> What's the default for LDAP attribute 'krbTicketFlags' if absent?
It appears to be 0 (via KRB5_KDB_DEF_FLAGS).
> Or the other way:
> If user input of ticket flags in an admin UI would result in no ticket flags set
> at all (integer 0) should the attribute value be set to "0" or removed?
Either option seems okay. kdb5_ldap_util appears to set the value to 0
in this scenario, but it only creates the flag in the first place if a
flag option is specified.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
