Received: from mx1.redhat.com (mx1.redhat.com [66.187.233.31]) by krbdev.mit.edu (8.12.9) with ESMTP id l6HKRAHW024542; Tue, 17 Jul 2007 16:27:10 -0400 (EDT) Received: from int-mx1.corp.redhat.com (int-mx1.corp.redhat.com [172.16.52.254]) by mx1.redhat.com (8.13.1/8.13.1) with ESMTP id l6HKR9Fc024925 for ; Tue, 17 Jul 2007 16:27:09 -0400 Received: from rapier.boston.redhat.com (rapier.boston.redhat.com [172.16.80.53]) by int-mx1.corp.redhat.com (8.13.1/8.13.1) with ESMTP id l6HKR9sK027034 for ; Tue, 17 Jul 2007 16:27:09 -0400 Received: from rapier.boston.redhat.com (localhost.localdomain [127.0.0.1]) by rapier.boston.redhat.com (8.14.1/8.14.0) with ESMTP id l6HKR8c9010016 for ; Tue, 17 Jul 2007 16:27:08 -0400 Received: (from nalin@localhost) by rapier.boston.redhat.com (8.14.1/8.14.1/Submit) id l6HKR8U0010015 for rt-comment@krbdev.mit.edu; Tue, 17 Jul 2007 16:27:08 -0400 Date: Tue, 17 Jul 2007 16:27:08 -0400 From: Nalin Dahyabhai To: Sam Hartman via RT Subject: Re: [krbdev.mit.edu #5596] patch for providing a way to set the ok-as-delegate flag Message-ID: <20070717202708.GA9958@redhat.com> References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Random-Fortune: Learn not only to find what you like, learn to like what you find. -- Anthony J. D'Angelo : The College Blue Book Organization: Red Hat, Inc. X-Department: OS Development X-Disclaimer: I am not a spokesmodel. Views expressed are my own. X-Key-ID: 78688BF5 X-Key-Fingerprint: 60BC AD87 AF51 3A00 8C99 0388 379B CE57 7868 8BF5 User-Agent: Mutt/1.5.16 (2007-06-09) RT-Send-Cc: X-RT-Original-Encoding: us-ascii Content-Length: 668 On Tue, Jul 17, 2007 at 04:11:28PM -0400, Sam Hartman via RT wrote: > Note that this is related to a similar issue that we've received from > Sandia. We should look at both in conjunction and should try to deal > with both soon. I have to confess that I'm not really familiar with using RT. Do you mean #2940? I steered clear of touching client libraries because I didn't think that always delegating credentials when the flag was set would be a popular idea. At first glance, though, it looks pretty easy to hack in. If it's useful, I can try to put something together, possibly with a configuration setting to allow disabling the new behavior. Thanks, Nalin