Received: from cz.mit.edu (CARTER-ZIMMERMAN.MIT.EDU [18.18.3.197]) by krbdev.mit.edu (8.9.3p2) with ESMTP id RAA26150; Tue, 20 Jul 2004 17:46:58 -0400 (EDT)
Received: by cz.mit.edu (Postfix, from userid 8042) id 06FA5E0052; Tue, 20 Jul 2004 17:47:08 -0400 (EDT)
To: rt@krbdev.mit.edu
Subject: Re: [krbdev.mit.edu #2641] KRB5_KDB_DISALLOW_SVR flag unnecessarily prevents User2User
References: <rt-2641-11496.11.2018008388527@krbdev.mit.edu>
From: Sam Hartman <hartmans@mit.edu>
Date: Tue, 20 Jul 2004 17:47:08 -0400
In-Reply-To: <rt-2641-11496.11.2018008388527@krbdev.mit.edu> (rt-comment@krbdev.mit.edu's message of "Tue, 20 Jul 2004 14:20:11 -0400 (EDT)")
Message-Id: <tsl7jsyl5b7.fsf@cz.mit.edu>
User-Agent: Gnus/5.1006 (Gnus v5.10.6) Emacs/21.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
RT-Send-Cc: 
X-RT-Original-Encoding: us-ascii
Content-Length: 804

>>>>> "kenh@cmf" == kenh@cmf nrl navy mil via RT <rt-comment@krbdev.mit.edu> writes:

    >> I'm a bit concerned because I believe that allow dup skey is
    >> the default.  I'm not sure that the behavior people expect when
    >> they turn off allow_svr is to enable user2user.
    >> 
    >> I'd be interested in other comments on this.

    kenh@cmf> FWIW, I think people expect U2U to work all of the time
    kenh@cmf> (while I think that there may be some reason I can't
    kenh@cmf> imagine for people to want to turn it off, all of the
    kenh@cmf> ones I'm aware of are inadvertent because they turned
    kenh@cmf> off allow_svr on user principals).  And as I read
    kenh@cmf> things, allow_svr is off by default.

I'm thinking of cases where the principal is partially or fully
disabled.