Possible enhancement request for extra krb5.conf parameter support for kinit
Greg Hudson
ghudson at mit.edu
Wed May 13 14:02:10 EDT 2015
On 05/12/2015 07:37 PM, Neng Xue wrote:
> I am Neng Xue, who works in the Oracle Solaris Security group. Recently, when
> I was working on a Kerberos-related project, I noticed that Solaris
> Kerberos has quite handy krb5.conf [appdefaults] parameter support for
> the kinit command:
>
> forwardable=[true | false]
> Can forward tickets to a remote server.
>
> proxiable=[true | false]
> Sets the proxiable flag in all tickets.
>
> no_addresses=[true | false]
> Creates tickets with no address bindings.

We already support forwardable, proxiable, and noaddresses options under
[libdefaults].

> renewable=[true | false]
> Creates a TGT that can be renewed (prior to the ticket expiration time).

We support a renew_lifetime option under [libdefaults]. I don't know
what it would mean to request a renewable ticket without a specific
renewable lifetime.