Bug#390696: (no subject)
Russ Allbery
rra at debian.org
Tue Oct 3 04:25:18 UTC 2006
Frank Burkhardt <fbo3 at gmx.net> writes:
> On Mon, Oct 02, 2006 at 12:53:37PM -0700, Russ Allbery wrote:
>> I don't think it's appropriate to make this sort of policy decision in
>> the module. This is why there's a krb5.conf option to specify whether
>> you want forwardable tickets by default. Add:
>>
>> forwardable = true
>>
>> to the [libdefaults] section of your krb5.conf if you want programs
>> requesting Kerberos tickets to get forwardable ones.
> You're right, but that's already in my krb5.conf. However, it seems to
> be default to get forwardable TGTs.
In your original message, you said that you *weren't* getting forwardable
TGTs and you wanted to change the module so that you would. I think I'm
confused. If you put that configuration in your krb5.conf, does this
module obtain forwardable TGTs for you?
> The only chance to prevent kinit from getting forwardable ones is to add
> 'forwardable = false' to the libdefaults section.
kinit -F will get non-forwardable TGTs regardless of the setting in
krb5.conf.
--
Russ Allbery (rra at debian.org) <http://www.eyrie.org/~eagle/>
More information about the pkg-perl-maintainers
mailing list