[modauthkerb] ok-as-delegate flag?

Stephen Frost sfrost at snowman.net
Mon Jul 16 16:37:57 EDT 2007


* Henry B. Hotz (hotz at jpl.nasa.gov) wrote:
> In Heimdal it's ok-as-delegate, but it's not documented.  P-(  I suspect 
> the same for MIT.  Try it!

Yeah, I tried it with a number of different permutations.

> Firefox uses the preference item mentioned to control forwarding.

Except that firefox must be falling back to the kerberos library...
delegation_uris is set up correctly, unless there's another option
you're aware of?

> I believe that MIT may have updated the client code to respect that flag 
> recently, but I'm not sure how recently.

It seems like the *client* code has been updated to require the flag to
be set but the *server* side doesn't provide any way to set it!  For
example, the 'O' flag is listed in the klist documentation but there's
nothing in kadmin's help to set it in a princ.  Cc'ing the kerberos
list, perhaps someone there can shed some light on this.

	Thanks!

		Stephen
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://mailman.mit.edu/pipermail/kerberos/attachments/20070716/6d34c7ce/attachment.bin


More information about the Kerberos mailing list