Skip Menu |

Subject: Documentation Error: allow_renewable flag in system admin guide
The current text of the allow_renewable policy flag reads:

The “-allow_renewable” option prohibits this principal from
obtaining renewable tickets. “+allow_renewable” clears this flag. In
effect, “-allow_renewable” sets the KRB5_KDB_DISALLOW_RENEWABLE flag on
the principal in the database.

This text is incomplete. When -allow_renewable is applied to a service
principal, this flag prevents service tickets from being issued for that
service that are renewable.