Nico Williams <[email protected]> writes: > There's really no point to the /admin thing: since the server requires > INITIAL tickets there's no risk of use of stolen TGTs for accessing > kadmin, and if you were to have different pre-authentication > requirements for kadmin than for initial TGTs the protocol does allow > that.
Er, it's still a good security practice to use a separate set of credentials that you don't type into everything all the time to do your daily work. Particularly given that we still live in a world where there's a lot of SASL PLAIN over TLS. It also lets you do things like assign /admin principals randomized keys and require that people use PKINIT. So no, there is definitely a point. > So, yeah, I think it'd be a good idea to start making changes to kadmin > to stop insisting on /admin principals. There's no need to make it mandatory, but it already isn't mandatory, so I don't know what you're talking about. You just don't like the heuristics used when you don't explicitly specify a principal? -- Russ Allbery ([email protected]) <http://www.eyrie.org/~eagle/> ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
