Extensible kadm5 policies
Roland C. Dowdeswell
elric at imrryr.org
Tue Nov 1 14:45:47 EDT 2011
On Tue, Nov 01, 2011 at 10:03:19AM -0700, Russ Allbery wrote:
>
> I would love to be able to set some principal flags via a policy as well.
> Things like disallow-forwardable and disallow-proxiable, for example, for
> root instance principals.
I agree with this. Another flag that would be quite nice to put
into policies would be -allow_srv which should be set on all
principals which have passwds to prevent dictionary attacks against
vended service tickets.
--
Roland Dowdeswell http://Imrryr.ORG/~elric/
More information about the krbdev
mailing list