krbTicketFlags=0 or absent
Greg Hudson
ghudson at mit.edu
Tue Dec 6 13:23:23 EST 2016
On 12/06/2016 11:24 AM, Michael Ströder wrote:
> What's the default for LDAP attribute 'krbTicketFlags' if absent?
It appears to be 0 (via KRB5_KDB_DEF_FLAGS).
> Or the other way:
> If user input of ticket flags in an admin UI would result in no ticket flags set
> at all (integer 0) should the attribute value be set to "0" or removed?
Either option seems okay. kdb5_ldap_util appears to set the value to 0
in this scenario, but it only creates the flag in the first place if a
flag option is specified.
More information about the Kerberos
mailing list