[28040] in Kerberos

home help back first fref pref prev next nref lref last post

Re: [modauthkerb] ok-as-delegate flag?

daemon@ATHENA.MIT.EDU (Stephen Frost)
Mon Jul 16 16:38:20 2007

Date: Mon, 16 Jul 2007 16:37:57 -0400
From: Stephen Frost <sfrost@snowman.net>
To: "Henry B. Hotz" <hotz@jpl.nasa.gov>
Message-ID: <20070716203757.GF4887@tamriel.snowman.net>
Mail-Followup-To: "Henry B. Hotz" <hotz@jpl.nasa.gov>,
	kerberos@mit.edu, modauthkerb-help@lists.sourceforge.net
MIME-Version: 1.0
In-Reply-To: <24D0C603-FC85-4613-B75F-4926C16E790C@jpl.nasa.gov>
Cc: modauthkerb-help@lists.sourceforge.net, kerberos@mit.edu
Content-Type: multipart/mixed; boundary="===============0302435052=="
Errors-To: kerberos-bounces@mit.edu


--===============0302435052==
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="1etlzFEVDPCQxP5d"
Content-Disposition: inline


--1etlzFEVDPCQxP5d
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

* Henry B. Hotz (hotz@jpl.nasa.gov) wrote:
> In Heimdal it's ok-as-delegate, but it's not documented.  P-(  I suspect=
=20
> the same for MIT.  Try it!

Yeah, I tried it with a number of different permutations.

> Firefox uses the preference item mentioned to control forwarding.

Except that firefox must be falling back to the kerberos library...
delegation_uris is set up correctly, unless there's another option
you're aware of?

> I believe that MIT may have updated the client code to respect that flag=
=20
> recently, but I'm not sure how recently.

It seems like the *client* code has been updated to require the flag to
be set but the *server* side doesn't provide any way to set it!  For
example, the 'O' flag is listed in the klist documentation but there's
nothing in kadmin's help to set it in a princ.  Cc'ing the kerberos
list, perhaps someone there can shed some light on this.

	Thanks!

		Stephen

--1etlzFEVDPCQxP5d
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD4DBQFGm9clrzgMPqB3kigRAr9+AJY9xlCNjga90vwXTllul11KCm8gAKCHVA4/
+vrSmcy+kvJWxrlrlpfutQ==
=c42G
-----END PGP SIGNATURE-----

--1etlzFEVDPCQxP5d--

--===============0302435052==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos

--===============0302435052==--

home help back first fref pref prev next nref lref last post