[krbdev.mit.edu #7871] KDC should not fail requests due to forwardable/proxiable option
Tom Yu via RT
rt-comment at krbdev.mit.edu
Thu Mar 27 17:07:28 EDT 2014
[ghudson - Tue Mar 4 11:48:56 2014]:
> I misread the Heimdal code. Its KDC behavior matches our current
> behavior of rejecting requests based on an unfulfillable forwardable or
> proxiable option.
Do we have confirmation that Windows issues tickets with the policy-denied flags cleared rather
than rejecting the request? Also, the RFCs do not appear to require the KDC to reject the
request if it can't fulfill the options.
More information about the krb5-bugs
mailing list