Ticket forwarding and IP addresses

Douglas E. Engert deengert at anl.gov
Fri Feb 8 12:48:15 EST 2002 

Nicolas Williams wrote:
> 
> On Fri, Feb 08, 2002 at 11:03:08AM -0600, Douglas E. Engert wrote:
> > Since the kinit has a -A noaddresses option, can this be
> > caried forward to forwardable tickets? i.e. if the TGT used
> > to get a forwardable ticket does not have addresses, don't
> > request addresses in a forwardable ticket.
> >
> > This looks like an easy change to krb5_fwd_tgt_creds.
> > Has anyone done this?
> 
> An addressless TGT can be forwarded anywhere. As such there should
> probably just be a shortcut
> 
> if (is_addressless(TGT)) {
>         forwarded_TGT = TGT;
>         return;
> }

Not in all cases. But It might be you are using a forwardable TGT to forward
a none forwardable TGT, so the options might be different. Times could also
be different... 
 


> 
> Nico
> --
> -DISCLAIMER: an automatically appended disclaimer may follow. By posting-
> -to a public e-mail mailing list I hereby grant permission to distribute-
> -and copy this message.-
> 
> Visit our website at http://www.ubswarburg.com
> 
> This message contains confidential information and is intended only
> for the individual named.  If you are not the named addressee you
> should not disseminate, distribute or copy this e-mail.  Please
> notify the sender immediately by e-mail if you have received this
> e-mail by mistake and delete this e-mail from your system.
> 
> E-mail transmission cannot be guaranteed to be secure or error-free
> as information could be intercepted, corrupted, lost, destroyed,
> arrive late or incomplete, or contain viruses.  The sender therefore
> does not accept liability for any errors or omissions in the contents
> of this message which arise as a result of e-mail transmission.  If
> verification is required please request a hard-copy version.  This
> message is provided for informational purposes and should not be
> construed as a solicitation or offer to buy or sell any securities or
> related financial instruments.

-- 

 Douglas E. Engert  <DEEngert at anl.gov>
 Argonne National Laboratory
 9700 South Cass Avenue
 Argonne, Illinois  60439 
 (630) 252-5444

More information about the Kerberos mailing list