[krbdev.mit.edu #2641] KRB5_KDB_DISALLOW_SVR flag unnecessarily prevents User2User
kenh@cmf.nrl.navy.mil via RT
rt-comment at krbdev.mit.edu
Wed Jul 21 12:25:32 EDT 2004
> kenh at cmf> FWIW, I think people expect U2U to work all of the time
> kenh at cmf> (while I think that there may be some reason I can't
> kenh at cmf> imagine for people to want to turn it off, all of the
> kenh at cmf> ones I'm aware of are inadvertent because they turned
> kenh at cmf> off allow_svr on user principals). And as I read
> kenh at cmf> things, allow_svr is off by default.
>
>I'm thinking of cases where the principal is partially or fully
>disabled.
By "fully" disabled, you mean they set DISALLOW_ALL_TIX, right? As
I read the patch, that wouldn't affect that; if you set it, it would
still disallow U2U for that principal. And I guess I don't know
what partially disabled is, exactly.
--Ken
More information about the krb5-bugs
mailing list