Frank Burkhardt <[EMAIL PROTECTED]> writes:
> On Mon, Oct 02, 2006 at 12:53:37PM -0700, Russ Allbery wrote:

>> I don't think it's appropriate to make this sort of policy decision in
>> the module. This is why there's a krb5.conf option to specify whether
>> you want forwardable tickets by default. Add:
>>
>>     forwardable = true
>>
>> to the [libdefaults] section of your krb5.conf if you want programs
>> requesting Kerberos tickets to get forwardable ones.

> You're right, but that's already in my krb5.conf. However, it seems to
> be the default to get forwardable TGTs.

In your original message, you said that you *weren't* getting forwardable
TGTs and you wanted to change the module so that you would. I think I'm
confused. If you put that configuration in your krb5.conf, does this
module obtain forwardable TGTs for you?

> The only chance to prevent kinit from getting forwardable ones is to add
> 'forwardable = false' to the libdefaults section.

kinit -F will get non-forwardable TGTs regardless of the setting in
krb5.conf.

-- 
Russ Allbery ([EMAIL PROTECTED]) <http://www.eyrie.org/~eagle/>