[38279] in Kerberos
Environment variable for client flags?
daemon@ATHENA.MIT.EDU (John Devitofranceschi)
Sat Jul 7 14:30:17 2018
From: John Devitofranceschi <jdvf@optonline.net>
Mime-Version: 1.0 (Mac OS X Mail 11.4 \(3445.8.2\))
Message-Id: <631B0F22-7025-4E58-A3FD-FB11A407D99E@optonline.net>
Date: Sat, 7 Jul 2018 14:29:56 -0400
To: kerberos@mit.edu
Content-Type: multipart/mixed; boundary="===============2179763481518530666=="
Errors-To: kerberos-bounces@mit.edu
--===============2179763481518530666==
Content-Type: multipart/signed;
boundary="Apple-Mail=_B49483B8-486D-49B0-BBCC-B1A3BCC57BB8";
protocol="application/pkcs7-signature"; micalg=sha1
--Apple-Mail=_B49483B8-486D-49B0-BBCC-B1A3BCC57BB8
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
charset=utf-8
Has an environment variable for client flags ever been considered?
The specific use case I=E2=80=99m thinking about is a situation where a =
user may want to override a system-wide configuration without the =
overhead of managing their own KRB5_CONFIG file.
Example: krb5.conf specifies that forwardable tickets are to be =
requested but a principal is defined which disallows the use of =
forwardable credentials. If the user could define an environment =
variable that overrides this and other settings =
(KRB5_CLIENT_FLAGS=3D=E2=80=9Cforwardable=3Dfalse; ticket_lifetime=3D10m" =
for example) they could more easily use a keytab with =
KRB5_CLIENT_KTNAME, and MEMORY-based credentials.
Any of the settable flags that one can define kinit command line could =
be set in the variable.
jd=
--Apple-Mail=_B49483B8-486D-49B0-BBCC-B1A3BCC57BB8
Content-Disposition: attachment;
filename=smime.p7s
Content-Type: application/pkcs7-signature;
name=smime.p7s
Content-Transfer-Encoding: base64
MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIF6DCCBeQw
ggPMoAMCAQICAxLKjjANBgkqhkiG9w0BAQ0FADB5MRAwDgYDVQQKEwdSb290IENBMR4wHAYDVQQL
ExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNBIENlcnQgU2lnbmluZyBBdXRob3Jp
dHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRAY2FjZXJ0Lm9yZzAeFw0xNzAzMTIxNzEzMThaFw0x
OTAzMTIxNzEzMThaMIGFMR4wHAYDVQQDExVKb2huIERldml0b2ZyYW5jZXNjaGkxITAfBgkqhkiG
9w0BCQEWEmpkdmZAb3B0b25saW5lLm5ldDEfMB0GCSqGSIb3DQEJARYQamR2ZkBob3RtYWlsLmNv
bTEfMB0GCSqGSIb3DQEJARYQZm9vbm9uQGdtYWlsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAK4hgmTqZnFEjGB/yk+/J5guSzz71ZVuemKLvEmRvDznUHJ/o8+NqgdWc87WILzB
8cCgfvjR8gtCe555md2xYof9NrNuFShKfTpP5mvG/ny4RYn1uq6FVgY5qBgz+4UDzE3W1ZniRIT6
EruOeawVpsl03AmaSbQNPXZTpxr6BiIfdnhEexuxXdJX9ytMM2yf20U/L/hmIuu+ML9bvXdsJNHn
iytTxDxB4v1BaplLKnQIvr8nvP8MuaOSUDP6SrAOkXgLFG0lqB6YLSW66aj1i1YHkQDK95iO+X0C
3l7iLJvCiVnG/PTFNdu2mZrJ0KzVzI0SJwvH4v0qSMcc8WaQ55cCAwEAAaOCAWYwggFiMAwGA1Ud
EwEB/wQCMAAwVgYJYIZIAYb4QgENBEkWR1RvIGdldCB5b3VyIG93biBjZXJ0aWZpY2F0ZSBmb3Ig
RlJFRSBoZWFkIG92ZXIgdG8gaHR0cDovL3d3dy5DQWNlcnQub3JnMA4GA1UdDwEB/wQEAwIDqDBA
BgNVHSUEOTA3BggrBgEFBQcDBAYIKwYBBQUHAwIGCisGAQQBgjcKAwQGCisGAQQBgjcKAwMGCWCG
SAGG+EIEATAyBggrBgEFBQcBAQQmMCQwIgYIKwYBBQUHMAGGFmh0dHA6Ly9vY3NwLmNhY2VydC5v
cmcwMQYDVR0fBCowKDAmoCSgIoYgaHR0cDovL2NybC5jYWNlcnQub3JnL3Jldm9rZS5jcmwwQQYD
VR0RBDowOIESamR2ZkBvcHRvbmxpbmUubmV0gRBqZHZmQGhvdG1haWwuY29tgRBmb29ub25AZ21h
aWwuY29tMA0GCSqGSIb3DQEBDQUAA4ICAQC2uTTSiclC649DuZ4wZpxkBUx15elSc1ez7SPjtPUW
oTK/wPgDPK93oWrzRrDEGwDnZeH6NB3odNuNC4rzkL9N9SWTcic/s56owVlN/LUGDhn8cXOJ/Aw/
3b0VrX66GbL/XNhe8/Ttw3DVPZveHsQzhTR9F0GQjInWl6jPS3q6tozwTawpFb7miP8LP3vWlNxL
QouvuJhBTbE2lhWws4GEErKb+g5M8EJE4LWAfwTLXqs1U1PGo9barPQkxCA7Vy7hL8Ry6pXVDNlz
hA0I+xM7ov+YquRy9yFfMPRunE/PYI3E4BFbWzginnXQ0s2kgyIt6qy1CeW/vrO+B6CZ+kXzr90f
5sMeeowmIf3UQibevmDqZ2opG2HbdUdOYxVLc1VdqwQ5VYyBvmYafu+S+p44x9Q/1rgyCDLF/Ecn
60xjCRvzIT23s/2/NU5evCGRta2Zo1e4fGcm8zsmfyPwZGkIPCXcE8Q9jZA6M2dJaM+psQMUg5Bf
bhXtFQTaj+lrZwmfWFnbWB+wd5hlDcnJRtw+wf/cknndHNYiwIsn4GDzojy5d9N8+3y/ompR0+Dw
cCzUDLkBvMu79N5Q1r663nE7umkYZBtmhhMbMN5+77ddJSIqf5MaOAO/QuAKOjmKsWSUv9uZH0oH
75GpU9OYJhOVUG9xfpbvY4vhBiAWJj12DTGCAzMwggMvAgEBMIGAMHkxEDAOBgNVBAoTB1Jvb3Qg
Q0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZQ0EgQ2VydCBTaWdu
aW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9ydEBjYWNlcnQub3JnAgMSyo4wCQYF
Kw4DAhoFAKCCAYcwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMTgw
NzA3MTgyOTU2WjAjBgkqhkiG9w0BCQQxFgQUA5R8YtpPlVyxQoYPI7xsTbBbNREwgZEGCSsGAQQB
gjcQBDGBgzCBgDB5MRAwDgYDVQQKEwdSb290IENBMR4wHAYDVQQLExVodHRwOi8vd3d3LmNhY2Vy
dC5vcmcxIjAgBgNVBAMTGUNBIENlcnQgU2lnbmluZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEW
EnN1cHBvcnRAY2FjZXJ0Lm9yZwIDEsqOMIGTBgsqhkiG9w0BCRACCzGBg6CBgDB5MRAwDgYDVQQK
EwdSb290IENBMR4wHAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNBIENl
cnQgU2lnbmluZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRAY2FjZXJ0Lm9yZwID
EsqOMA0GCSqGSIb3DQEBAQUABIIBAEDUGqJ/oAfQSO2p8eaUZ3WpM5WQrZlP3nvXACqDtEGVVoJs
GELkKvxF7pA+sZDdiW+D1q1sopDPOWm3LoxWzpLfVkYBlEtYtE5jcziW/DGcP79TE/DB50eRWE/m
JHRPFdNz7lcsskYOh+qPExRgcJiK1vqU06AoW2HwJkeTl9WcIkZ/ZhLs3wbTJGTkEhovRr6OtPKh
Ckr2/JUtsTUVSXD5J4gGGbDILO1IjaEmqBhylYBikGuwDpQUPu3LxmhZDPGRpPpc+pVa+W49p151
cmJqiO/RuXVJpWyU87u5MqQlpAl0VQjktFhM/PV2PsGzpbzrbyrjhJKUFXvcgNqAbNwAAAAAAAA=
--Apple-Mail=_B49483B8-486D-49B0-BBCC-B1A3BCC57BB8--
--===============2179763481518530666==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
--===============2179763481518530666==--
