[2330] in Kerberos-V5-bugs
pending/90: default_principal_flags: how to use - Krb5 beta6
daemon@ATHENA.MIT.EDU (Randall S. Winchester)
Thu Oct 10 01:31:29 1996
Resent-From: gnats@rt-11.MIT.EDU (GNATS Management)
Resent-To: gnats-admin@rt-11.MIT.EDU
Resent-Reply-To: krb5-bugs@MIT.EDU, "Randall S. Winchester" <rsw@Glue.umd.edu>
Date: Thu, 10 Oct 1996 01:30:27 -0400 (EDT)
From: "Randall S. Winchester" <rsw@Glue.umd.edu>
To: krb5-bugs@MIT.EDU
>Number: 90
>Category: pending
>Synopsis: default_principal_flags: how to use - Krb5 beta6
>Confidential: yes
>Severity: serious
>Priority: medium
>Responsible: gnats-admin
>State: open
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Thu Oct e 01:31:01 EDT 1996
>Last-Modified:
>Originator:
>Organization:
>Release:
>Environment:
>Description:
>How-To-Repeat:
>Fix:
>Audit-Trail:
>Unformatted:
greping through the source I found the following.
static const char flags_pdate_in[] = "postdateable";
static const char flags_fwd_in[] = "forwardable";
static const char flags_renew_in[] = "renewable";
static const char flags_proxy_in[] = "proxiable";
static const char flags_pdate_out[] = "Not Postdateable";
static const char flags_fwd_out[] = "Not Forwardable";
static const char flags_renew_out[] = "Not renewable";
static const char flags_proxy_out[] = "Not proxiable";
static const char flags_default_neg[] = "-";
static const char flags_default_sep[] = " ";
Much latter I found the krb5strings manpage, but it does not get installed.
From the kdc.conf man page I am assuming one can add something like the
following to the [realms] area:
default_principal_flags = -forwardable -proxiable "Not renewable"
or some such. However I do not seem to be able to get anything to pay
attention to this. In particular I would like to be able to turn off
forwarding, but "kinit -f", "rlogin -f" and a subsequent "klist -f"
all show forwardable or forwarded tickets.
What am I missing?
Thanks,
Randall
