Request to change MIT Kerberos behavior when principal is expired, deleted or password changed

Edgecombe, Jason jwedgeco at uncc.edu
Thu Mar 6 14:31:02 EST 2014


Does Heimdal reject requests for expired/disabled accounts as well?

---------------------------------------------------------------------------
Jason Edgecombe | Linux and Solaris Administrator
UNC Charlotte | The William States Lee College of Engineering
9201 University City Blvd. | Charlotte, NC 28223-0001
Phone: 704-687-1943
jwedgeco at uncc.edu | http://engr.uncc.edu |  Facebook
---------------------------------------------------------------------------
If you are not the intended recipient of this transmission or a person responsible for delivering it to the intended recipient, any disclosure, copying, distribution, or other use of any of the information in this transmission is strictly prohibited. If you have received this transmission in error, please notify me immediately by reply e-mail or by telephone at 704-687-1943.  Thank you.


-----Original Message-----
From: Nico Williams [mailto:nico at cryptonector.com] 
Sent: Thursday, March 06, 2014 12:30 PM
To: Edgecombe, Jason
Cc: kerberos at mit.edu
Subject: Re: Request to change MIT Kerberos behavior when principal is expired, deleted or password changed

FWIW, Heimdal's TGS already does reject requests for clients whose
principals should exist int he local HDB but don't.  (Obviously this
can only be done when the client's realm is also a realm for which the
KDC has a database.)

Nico
--



More information about the Kerberos mailing list