[krbdev.mit.edu #7871] KDC should not fail requests due to forwardable/proxiable option
Tom Yu via RT
rt-comment at krbdev.mit.edu
Fri Mar 28 15:04:28 EDT 2014
[ghudson - Thu Mar 27 21:03:07 2014]:
> [tlyu - Thu Mar 27 17:07:28 2014]:
> > Do we have confirmation that Windows issues tickets with the policy-
> > denied flags cleared rather than rejecting the request?
>
> That's my memory from the last interop event. I don't have a written
> reference.
Silently declining to fulfill requested options like this might allow us to forgo the weird hack with
validate_forwardable() in kdc_util.c.
More information about the krb5-bugs
mailing list