flags for allowing tix
tlyu at MIT.EDU
Wed May 21 01:18:21 EDT 2008
Roland Dowdeswell <elric at imrryr.org> writes:
> I've noticed that in the MIT kdc there are a number of flags for
> enabling and disabling the issuance of tickets in various circumstances.
> My thoughts on the topic began when I decided that I'd like a flag
> on a principal to disable AS_REQs _from_ that princ. This would
> make sense if you know that a principal will solely be used as a
> service and would never AS_REQ.
Could you please elaborate on the situations where you might want to
impose this restriction on a (service) principal? Keep in mind that
the principal will not be able to change its own key as long as that
flag is set.
I will grant that the non-orthogonality of the flags looks inelegant.
I also think that any attempt to make this set of flags more
orthogonal should also consider requests for user-to-user tickets.
More information about the krbdev