ok as delegate

Wachdorf, Daniel R drwachd at sandia.gov
Tue Apr 11 17:10:19 EDT 2006

There was some discussion previously on the list as to why this is not
currently in the code base.

-----Original Message-----
From: krbdev-bounces at MIT.EDU [mailto:krbdev-bounces at MIT.EDU] On Behalf
Of Paul Moore
Sent: Tuesday, April 11, 2006 3:07 PM
To: krbdev at MIT.EDU
Subject: ok as delegate

Apologies if this has been debated before.
1510 says that the ok as delegate flag should be used by a client to
disable or enable the forwarding of a tgt to a machine. 
The current MIT implementation does not pay attention to this flag at
all (apart from klist). Certainly the gssapi layer could easily be
modified to do this. For older things (like telnet) they would have to
be modified on a case by case basis.
Is there any reason why this check is not done?
krbdev mailing list             krbdev at mit.edu

More information about the krbdev mailing list