Received: from ginger.cmf.nrl.navy.mil (ginger.cmf.nrl.navy.mil [134.207.10.161]) by krbdev.mit.edu (8.9.3p2) with ESMTP id OAA26041; Tue, 20 Jul 2004 14:20:08 -0400 (EDT)
Received: from cmf.nrl.navy.mil (elvis.cmf.nrl.navy.mil [134.207.10.38]) (authenticated bits=0) by ginger.cmf.nrl.navy.mil (8.12.11/8.12.11) with ESMTP id i6KIJxS9014085 for <rt@krbdev.mit.edu>; Tue, 20 Jul 2004 14:19:59 -0400 (EDT)
Message-Id: <200407201819.i6KIJxS9014085@ginger.cmf.nrl.navy.mil>
To: rt@krbdev.mit.edu
Subject: Re: [krbdev.mit.edu #2641] KRB5_KDB_DISALLOW_SVR flag unnecessarily prevents User2User 
In-Reply-To: <rt-2641-11495.13.2395886953869@krbdev.mit.edu> 
X-Face: "Evs"_GpJ]],xS)b$T2#V&{KfP_i2`TlPrY$Iv9+TQ!6+`~+l)#7I)0xr1>4hfd{#0B4 WIn3jU;bql;{2Uq%zw5bF4?%F&&j8@KaT?#vBGk}u07<+6/`.F-3_GA@6Bq5gN9\+s;_d gD\SW #]iN_U0 KUmOR.P<|um5yP<ea#^"SJK;C*}fMI;Mv(aiO2z~9n.w?@\>kEpSD@*e`
Date: Tue, 20 Jul 2004 14:19:59 -0400
From: Ken Hornstein <kenh@cmf.nrl.navy.mil>
X-Spam-Score: () hits=0 User Authenticated
X-Virus-Scanned: NAI Completed
X-Scanned-BY: MIMEDefang 2.30 (www . roaringpenguin . com / mimedefang)
RT-Send-Cc: 
X-RT-Original-Encoding: iso-8859-1
Content-Length: 536

>I'm a bit concerned because I believe that allow dup skey is the
>default.  I'm not sure that the behavior people expect when they turn
>off allow_svr is to enable user2user.
>
>I'd be interested in other comments on this.

FWIW, I think people expect U2U to work all of the time (while I think
that there may be some reason I can't imagine for people to want to
turn it off, all of the ones I'm aware of are inadvertent because they
turned off allow_svr on user principals).  And as I read things,
allow_svr is off by default.

--Ken