[krbdev.mit.edu #2641] KRB5_KDB_DISALLOW_SVR flag unnecessarily prevents User2User

Tue Jul 20 17:47:00 EDT 2004

>>>>> "kenh at cmf" == kenh at cmf nrl navy mil via RT <rt-comment at krbdev.mit.edu> writes:

    >> I'm a bit concerned because I believe that allow dup skey is
    >> the default.  I'm not sure that the behavior people expect when
    >> they turn off allow_svr is to enable user2user.
    >> 
    >> I'd be interested in other comments on this.

    kenh at cmf> FWIW, I think people expect U2U to work all of the time
    kenh at cmf> (while I think that there may be some reason I can't
    kenh at cmf> imagine for people to want to turn it off, all of the
    kenh at cmf> ones I'm aware of are inadvertent because they turned
    kenh at cmf> off allow_svr on user principals).  And as I read
    kenh at cmf> things, allow_svr is off by default.

I'm thinking of cases where the principal is partially or fully
disabled.