Question about excluding the PAC
ghudson at mit.edu
Fri Jan 25 17:56:39 EST 2019
On 1/25/19 4:56 PM, Schwartz, John wrote:
> I see that kinit has the option "--no-request-pac"
> Is there a similar way to do it from the krb5.conf or does it need a custom shared object?
There is no krb5.conf variable, but if you have control of the web
server C code which invokes krb5_get_init_creds_password(), you can do
it via a get_init_creds option. The relevant functions are:
Note that this option is new in release 1.15.
More information about the krbdev