From crawdad@gungnir.fnal.gov Thu Mar 28 10:25:34 2002
Received: from fort-point-station.mit.edu (FORT-POINT-STATION.MIT.EDU [18.7.7.76])
    by rt-11.mit.edu (8.9.3/8.9.3) with ESMTP id KAA06130
    for ; Thu, 28 Mar 2002 10:25:34 -0500 (EST)
Received: from fnal.gov (heffalump.fnal.gov [131.225.9.20])
    by fort-point-station.mit.edu (8.9.2/8.9.2) with ESMTP id KAA09562
    for ; Thu, 28 Mar 2002 10:25:33 -0500 (EST)
Received: from gungnir.fnal.gov ([131.225.80.1])
    by smtp.fnal.gov (PMDF V6.0-24 #37519) with ESMTP id <0GTO00EJ7W6LKT@smtp.fnal.gov>
    for krb5-bugs@mit.edu; Thu, 28 Mar 2002 09:25:33 -0600 (CST)
Received: (from crawdad@localhost)
    by gungnir.fnal.gov (8.10.2+Sun/8.10.2) id g2SFPWM25016;
    Thu, 28 Mar 2002 09:25:32 -0600 (CST)
Message-Id: <200203281525.g2SFPWM25016@gungnir.fnal.gov>
Date: Thu, 28 Mar 2002 09:25:32 -0600 (CST)
From: Matt Crawford
Reply-To: crawdad@gungnir.fnal.gov
To: krb5-bugs@mit.edu
Cc: crawdad@gungnir.fnal.gov
Subject: Need a way to allow user-to-user but not other TGS-REQs
X-Send-Pr-Version: 3.99

>Number: 1081
>Category: krb5-kdc
>Synopsis: enhancement request: allow user2user only
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: krb5-unassigned
>State: open
>Class: change-request
>Submitter-Id: unknown
>Arrival-Date: Thu Mar 28 10:26:00 EST 2002
>Last-Modified:
>Originator: Matt Crawford
>Organization: Fermilab
>Release: krb5-1.2.3
>Environment:
Sun Netra-1 Solaris 2.8
System: SunOS gungnir.fnal.gov 5.8 Generic_108528-08 sun4u sparc SUNW,Ultra-1
Architecture: sun4
>Description:
KRB5_KDB_DISALLOW_SVR disallows all TGS requests for a given service principal.
There needs to be a way to disallow all but USER2USER.
>How-To-Repeat:
Test with sample uuclient/uuserver
>Fix:
Suggestions have appeared in krbdev list.
I'm just being a good boy by putting this into the bug queue to keep it on the radar.
>Audit-Trail:
>Unformatted: