authentication indicators and S4U2Self
ghudson at mit.edu
Wed May 6 15:29:29 EDT 2020
On 5/6/20 2:20 PM, Alexander Bokovoy wrote:
> Together with Isaac we were looking into cross-realm S4U2Self
> implementation in FreeIPA and I noticed that MIT Kerberos does not allow
> to issue S4U2Self service ticket to a service protected with
> an authentication indicator.
I think we can just omit the indicator check for S4U2Self requests.
Restricting how strong the initial ticket acquisition must have been to
access a service has nothing to do with the service fetching tickets for
More information about the krbdev