From: | Toby Blake <toby@inf.ed.ac.uk> |
Subject: | ksu doesn't allow acquisition of non-forwardable tickets |
Date: | Fri, 9 Nov 2018 16:22:42 +0000 |
To: | krb5-bugs@mit.edu |
Hi,
If a principal has the DISALLOW_FORWARDABLE attribute in the KDC, but
/etc/krb5.conf has forwardable = true, then it is impossible to obtain
a ticket using ksu ("KDC policy rejects request while getting initial
credentials").
Would you be interested in a patch to implement a -F option (in the same
way as kinit) to explicitly request a non-forwardable ticket?
Cheers
Toby Blake
School of Informatics
University of Edinburgh
--
The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.
If a principal has the DISALLOW_FORWARDABLE attribute in the KDC, but
/etc/krb5.conf has forwardable = true, then it is impossible to obtain
a ticket using ksu ("KDC policy rejects request while getting initial
credentials").
Would you be interested in a patch to implement a -F option (in the same
way as kinit) to explicitly request a non-forwardable ticket?
Cheers
Toby Blake
School of Informatics
University of Edinburgh
--
The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.