An alternative plan for principal mapping

Sam Hartman hartmans at MIT.EDU
Wed Aug 2 22:33:11 EDT 2006

>>>>> "S" == S Rahul <srahul at> writes:

    S> Yes. The admin can choose not to apply user's login policy to
    S> the principal. About having a krb specific login policy for the
    S> principal ... when a principal belongs to a user, shouldn't the
    S> principal inherit the login policy of the user (set in the
    S> directory) ?

My /admin instance probably wants a more strict policy.
My /dialup or /lowpriv instances may want a less restrictive login policy.

I think the only good answer to your question is that sometimes, the
same login policy should be applied.


More information about the krbdev mailing list