[krbdev.mit.edu #2641] KRB5_KDB_DISALLOW_SVR flag unnecessarily prevents User2User
kenh@cmf.nrl.navy.mil via RT
rt-comment at krbdev.mit.edu
Tue Jul 20 14:20:11 EDT 2004
>I'm a bit concerned because I believe that allow dup skey is the
>default. I'm not sure that the behavior people expect when they turn
>off allow_svr is to enable user2user.
>
>I'd be interested in other comments on this.
FWIW, I think people expect U2U to work all of the time (while I think
that there may be some reason I can't imagine for people to want to
turn it off, all of the ones I'm aware of are inadvertent because they
turned off allow_svr on user principals). And as I read things,
allow_svr is off by default.
--Ken
More information about the krb5-bugs
mailing list