[krbdev.mit.edu #8761] ksu doesn't allow acquisition of non-forwardable tickets
Toby Blake via RT
rt-comment at KRBDEV-PROD-APP-1.mit.edu
Tue Nov 13 11:50:32 EST 2018
Hi,
If a principal has the DISALLOW_FORWARDABLE attribute in the KDC, but
/etc/krb5.conf has forwardable = true, then it is impossible to obtain
a ticket using ksu ("KDC policy rejects request while getting initial
credentials").
Would you be interested in a patch to implement a -F option (in the same
way as kinit) to explicitly request a non-forwardable ticket?
Cheers
Toby Blake
School of Informatics
University of Edinburgh
--
The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.
More information about the krb5-bugs
mailing list