[krbdev.mit.edu #8925] [Comment] qualify_shortname default can be harmful in LAN setups
Greg Hudson via RT
rt-comment at krbdev.mit.edu
Sun Jul 19 10:23:36 EDT 2020
https://krbdev.mit.edu/rt/Ticket/Display.html?id=8925
This is a comment. It is not sent to the Requestor(s):
In the previous comment, I meant to say S4U2Proxy, not S4U2Self. This wrinkle
cannot be ironed out, because krb5_get_credentials() can only see the evidence
ticket, not the client name within, so it cannot check the cache.
More information about the krb5-bugs
mailing list