AdressLess Ticket restriction by KDC server side
Jeffrey Altman
jaltman at secure-endpoints.com
Tue Mar 25 12:27:44 EDT 2008
Andrea Cirulli wrote:
> The problem is properly that I'm in an environment in which there are
> some old clients, which doesn't request for addressless tickets and
> doesn't not care about the entry noaddresses= true.
>
> This is the reason for which I'm looking for a kdc server side solution.
>
> Andrea Cirulli
Feature requests can be sent to krb5-bugs at mit.edu.
Implementing what you desire has been done at other sites by patching
the KDC.
However, at least one site ran into problems when they discovered that
they had services
that were being used by the old clients that required the addresses in
the tickets.
The modification then became a per service principal option which indicated
whether or not addresses would be included.
Unfortunately, these changes are not publicly accessible.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3355 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mailman.mit.edu/pipermail/kerberos/attachments/20080325/998cb563/attachment.bin
More information about the Kerberos
mailing list