[modauthkerb] ok-as-delegate flag?
Stephen Frost
sfrost at snowman.net
Mon Jul 16 16:37:57 EDT 2007
* Henry B. Hotz (hotz at jpl.nasa.gov) wrote:
> In Heimdal it's ok-as-delegate, but it's not documented. P-( I suspect
> the same for MIT. Try it!
Yeah, I tried it with a number of different permutations.
> Firefox uses the preference item mentioned to control forwarding.
Except that firefox must be falling back to the kerberos library...
delegation_uris is set up correctly, unless there's another option
you're aware of?
> I believe that MIT may have updated the client code to respect that flag
> recently, but I'm not sure how recently.
It seems like the *client* code has been updated to require the flag to
be set but the *server* side doesn't provide any way to set it! For
example, the 'O' flag is listed in the klist documentation but there's
nothing in kadmin's help to set it in a princ. Cc'ing the kerberos
list, perhaps someone there can shed some light on this.
Thanks!
Stephen
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://mailman.mit.edu/pipermail/kerberos/attachments/20070716/6d34c7ce/attachment.bin
More information about the Kerberos
mailing list