Does Heimdal reject requests for expired/disabled accounts as well? --------------------------------------------------------------------------- Jason Edgecombe | Linux and Solaris Administrator UNC Charlotte | The William States Lee College of Engineering 9201 University City Blvd. | Charlotte, NC 28223-0001 Phone: 704-687-1943 [email protected] | http://engr.uncc.edu | Facebook --------------------------------------------------------------------------- If you are not the intended recipient of this transmission or a person responsible for delivering it to the intended recipient, any disclosure, copying, distribution, or other use of any of the information in this transmission is strictly prohibited. If you have received this transmission in error, please notify me immediately by reply e-mail or by telephone at 704-687-1943. Thank you.
-----Original Message----- From: Nico Williams [mailto:[email protected]] Sent: Thursday, March 06, 2014 12:30 PM To: Edgecombe, Jason Cc: [email protected] Subject: Re: Request to change MIT Kerberos behavior when principal is expired, deleted or password changed FWIW, Heimdal's TGS already does reject requests for clients whose principals should exist int he local HDB but don't. (Obviously this can only be done when the client's realm is also a realm for which the KDC has a database.) Nico -- ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
