ok as delegate

Paul Moore paul.moore at centrify.com
Tue Apr 11 17:07:01 EDT 2006

Apologies if this has been debated before.
1510 says that the ok as delegate flag should be used by a client to
disable or enable the forwarding of a tgt to a machine. 
The current MIT implementation does not pay attention to this flag at
all (apart from klist). Certainly the gssapi layer could easily be
modified to do this. For older things (like telnet) they would have to
be modified on a case by case basis.
Is there any reason why this check is not done?

More information about the krbdev mailing list