[krbdev.mit.edu #8761] ksu doesn't allow acquisition of non-forwardable tickets
Toby Blake via RT
rt-comment at KRBDEV-PROD-APP-1.mit.edu
Wed Nov 14 09:58:07 EST 2018
> On 13 Nov 2018, at 16:57, Greg Hudson via RT <rt-comment at krbdev-prod-app-1.mit.edu> wrote:
>
> A ksu -F option seems reasonable, since it already has a -f option.
> Adding a -P option at the same time for symmetry seems appropriate,
> although I don't think proxiable tickets are used with any frequency.
>
> Ticket 7871 would also address this problem on the KDC side. (But the
> client changes are still valuable due to existing KDCs and other KDC
> implementations.)
Thanks Greg.
A KDC side option would be preferred by us, as it's a lot easier to patch
the KDCs than all the clients, but as you say, fixing ksu in this way
would also be desirable.
Cheers
Toby
--
The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.