Received: from brmea-mail-2.sun.com (brmea-mail-2.Sun.COM [192.18.98.43]) by krbdev.mit.edu (8.12.9) with ESMTP id l6ILvkHW021478; Wed, 18 Jul 2007 17:57:46 -0400 (EDT) Received: from centralmail3brm.Central.Sun.COM ([129.147.62.199]) by brmea-mail-2.sun.com (8.13.6+Sun/8.12.9) with ESMTP id l6ILvjPN029374 for ; Wed, 18 Jul 2007 21:57:45 GMT Received: from binky.Central.Sun.COM (binky.Central.Sun.COM [129.153.128.104]) by centralmail3brm.Central.Sun.COM (8.13.6+Sun/8.13.6/ENSMAIL,v2.2) with ESMTP id l6ILvj9W006934 for ; Wed, 18 Jul 2007 15:57:45 -0600 (MDT) Received: from binky.Central.Sun.COM (localhost [127.0.0.1]) by binky.Central.Sun.COM (8.14.1+Sun/8.14.1) with ESMTP id l6ILvif7025012 for ; Wed, 18 Jul 2007 16:57:44 -0500 (CDT) Received: (from nw141292@localhost) by binky.Central.Sun.COM (8.14.1+Sun/8.14.1/Submit) id l6ILviSt025011 for rt@krbdev.mit.edu; Wed, 18 Jul 2007 16:57:44 -0500 (CDT) X-Authentication-Warning: binky.Central.Sun.COM: nw141292 set sender to Nicolas.Williams@sun.com using -f Date: Wed, 18 Jul 2007 16:57:44 -0500 From: Nicolas Williams To: rt@krbdev.mit.edu Subject: Re: [krbdev.mit.edu #5596] patch for providing a way to set the ok-as-delegate flag Message-ID: <20070718215744.GO24645@Sun.COM> Mail-Followup-To: rt@krbdev.mit.edu References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.7i RT-Send-Cc: X-RT-Original-Encoding: us-ascii Content-Length: 410 On Wed, Jul 18, 2007 at 05:13:08PM -0400, Sam Hartman via RT wrote: > OUr position is that changing current behavior is inappropriate. > However we'd like to add a new behavior that says "only delegate if > the flag is set on the ticket." I agree with this. But note that it effectively means additional client-side knobs for telnet, ftp, rlogin, rsh, ssh, etcetera, and/or in krb5.conf. Painful. Nico --