An alternative plan for principal mapping
Sam Hartman
hartmans at MIT.EDU
Wed Aug 2 22:33:11 EDT 2006
>>>>> "S" == S Rahul <srahul at novell.com> writes:
S> Yes. The admin can choose not to apply user's login policy to
S> the principal. About having a krb specific login policy for the
S> principal ... when a principal belongs to a user, shouldn't the
S> principal inherit the login policy of the user (set in the
S> directory) ?
My /admin instance probably wants a more strict policy.
My /dialup or /lowpriv instances may want a less restrictive login policy.
I think the only good answer to your question is that sometimes, the
same login policy should be applied.
--Sam
More information about the krbdev
mailing list