[16204] in Kerberos-V5-bugs
Re: [krbdev.mit.edu #8761] ksu doesn't allow acquisition of
daemon@ATHENA.MIT.EDU (Toby Blake via RT)
Wed Nov 14 09:58:38 2018
Mail-followup-to: rt@krbdev.mit.edu
mail-copies-to: never
From: "Toby Blake via RT" <rt-comment@KRBDEV-PROD-APP-1.mit.edu>
In-Reply-To: <rt-8761@krbdev.mit.edu>
Message-ID: <rt-8761-49164.18.5466890179995@krbdev.mit.edu>
To: "'AdminCc of krbdev.mit.edu Ticket #8761'":;
Date: Wed, 14 Nov 2018 09:58:07 -0500 (EST)
Reply-To: rt-comment@KRBDEV-PROD-APP-1.mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krb5-bugs-bounces@mit.edu
> On 13 Nov 2018, at 16:57, Greg Hudson via RT <rt-comment@krbdev-prod-app-1.mit.edu> wrote:
>
> A ksu -F option seems reasonable, since it already has a -f option.
> Adding a -P option at the same time for symmetry seems appropriate,
> although I don't think proxiable tickets are used with any frequency.
>
> Ticket 7871 would also address this problem on the KDC side. (But the
> client changes are still valuable due to existing KDCs and other KDC
> implementations.)
Thanks Greg.
A KDC side option would be preferred by us, as it's a lot easier to patch
the KDCs than all the clients, but as you say, fixing ksu in this way
would also be desirable.
Cheers
Toby
--
The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.
_______________________________________________
krb5-bugs mailing list
krb5-bugs@mit.edu
https://mailman.mit.edu/mailman/listinfo/krb5-bugs
