On Mon, Oct 02, 2006 at 12:53:37PM -0700, Russ Allbery wrote: [snip]
> I don't think it's appropriate to make this sort of policy decision in the > module. This is why there's a krb5.conf option to specify whether you > want forwardable tickets by default. Add: > > forwardable = true > > to the [libdefaults] section of your krb5.conf if you want programs > requesting Kerberos tickets to get forwardable ones. You're right, but that's already in my krb5.conf. However, it seems to be default to get forwardable TGTs. The only chance to prevent kinit from getting forwardable ones is to add 'forwardable = false' to the libdefaults section. Regards, Frank -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
