Possible enhancement request for extra krb5.conf parameter support for kinit

Greg Hudson ghudson at mit.edu
Wed May 13 14:02:10 EDT 2015

On 05/12/2015 07:37 PM, Neng Xue wrote:
> I am Neng Xue who works in Oracle Solaris Security group. Recently when 
> I was working on a kerberos related project I noticed that Solaris 
> kerberos has a quite handy krb5.conf [appdefaults] parameter support for 
> kinit command:
> forwardable=[true | false]
> Can forward tickets to a remote server.
> proxiable=[true | false]
> Sets the proxiable flag in all tickets.
> no_addresses=[true | false]
> Creates tickets with no address bindings.

We already support forwardable, proxiable, and noaddresses options under

> renewable=[true | false]
> Creates a TGT that can be renewed (prior to the ticket expiration time).

We support a renew_lifetime option under [libdefaults].  I don't know
what it would mean to request a renewable ticket without a specific
renewable lifetime.

More information about the krbdev mailing list