[14958] in athena10
Re: [Debathena] #1384: Disable DNS canonicalization for Kerberos
daemon@ATHENA.MIT.EDU (Debathena Trac)
Mon May 15 15:24:00 2017
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
From: "Debathena Trac" <debathena@mit.edu>
Cc: debathena@mit.edu
To: geofft@mit.edu, adehnert@mit.edu, andersk@mit.edu, ghudson@mit.edu
Date: Mon, 15 May 2017 19:23:49 -0000
Reply-To:
Message-ID: <057.11fc4c00f7c7c0c4b59040bd79f759ea@mit.edu>
In-Reply-To: <042.c9c2be0400160755d5b10fcd112754e7@mit.edu>
Content-Transfer-Encoding: 8bit
#1384: Disable DNS canonicalization for Kerberos
-----------------------+---------------------------------------
Reporter: geofft | Owner:
Type: defect | Status: new
Priority: normal | Milestone: The Distant Future
Component: -- | Resolution:
Keywords: | Fixed in version:
Upstream bug: |
-----------------------+---------------------------------------
Comment (by adehnert):
Replying to [comment:3 geofft]:
> Is there a reason to deny giving those keys or key aliases? I guess
they're probably denied by policy right now, but I'm curious if that would
be safe to change.
FWIW, so far as I can tell, these (probably) aren't denied by policy right
now -- I successfully got daemon/chiron (though didn't try for
host/chiron) a couple years ago. (I'm vaguely guessing nobody's actually
working on this, though.)
--
Ticket URL: <https://athena10.mit.edu/trac/ticket/1384#comment:6>
Debathena <http://debathena.mit.edu>
MIT Debathena Project
