[38160] in Kerberos


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: -allow_tgs_req

daemon@ATHENA.MIT.EDU (Russ Allbery)
Mon Jan 8 23:42:17 2018

From: Russ Allbery <eagle@eyrie.org>
To: Chris Hecker <checker@d6.com>
In-Reply-To: <CAOdMLc0iaNJ-j_tcp3jDYpQqq074t9Re-St1yWX9wz3sQd3Bjg@mail.gmail.com>
	(Chris Hecker's message of "Tue, 09 Jan 2018 04:32:46 +0000")
Date: Mon, 08 Jan 2018 20:42:00 -0800
Message-ID: <874lnvej8n.fsf@hope.eyrie.org>
MIME-Version: 1.0
Cc: "kerberos@mit.edu" <kerberos@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu

Chris Hecker <checker@d6.com> writes:

> Right, I will disable the princ when I find out obviously, I just want
> the person to not be able to use it as a user princ to get tickets to
> other services in the meantime.  Does that make sense or am I missing
> something?

It makes sense -- I just don't think it's something that currently exists
in the KDC's permission model, at least so far as I can tell.  Although
it's entirely possible I'm missing something.

-- 
Russ Allbery (eagle@eyrie.org)              <http://www.eyrie.org/~eagle/>
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[38160] in Kerberos

Re: -allow_tgs_req

daemon@ATHENA.MIT.EDU (Russ Allbery)Mon Jan 8 23:42:17 2018

daemon@ATHENA.MIT.EDU (Russ Allbery)
Mon Jan 8 23:42:17 2018