[krbdev.mit.edu #5596] patch for providing a way to set the ok-as-delegate flag

nalin@redhat.com via RT rt-comment at krbdev.mit.edu
Wed Jul 18 15:00:00 EDT 2007


On Wed, Jul 18, 2007 at 02:01:31PM -0400, DEEngert at anl.gov via RT wrote:
> It does not require the client to delegate!  The Sandia mods are enforcing
> a local policy that will only delegate if the KDC says the server is trusted,
> and the client requests delegation, i.e. called krb5_fwd_tgt_creds(). In effect
> doing what Windows clients and AD do by default.

Maybe I'm coming at this from the wrong direction.  Is the intent to be
able to disallow credential delegation in cases when the application is
specifically requesting it?



