[28732] in Kerberos
Re: Enabling preauthentication on linux kdc
daemon@ATHENA.MIT.EDU (John Hascall)
Wed Nov 14 08:10:30 2007
To: sgouris@gmail.com
In-reply-to: Your message of Wed, 14 Nov 2007 12:15:19 +0000.
<1195042519.728190.130960@19g2000hsx.googlegroups.com>
Date: Wed, 14 Nov 2007 07:09:59 CST
Message-ID: <7328.1195045799@malison.ait.iastate.edu>
From: John Hascall <john@iastate.edu>
Cc: kerberos@mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
> Hi,
>
> I have a question regarding enabling kerberos pre-authentication on
> [realms]
> NEVISTEST.COM = {
> require-preauth = yes
> default_principal_flags = +preauth
I've never heard of 'require-preauth = yes' as a config file option.
Setting 'default_principal_flags' only effects principals you create
when it is in effect -- it doesn't touch existing principals -- you
will need to use the modprinc command of the kadmin program to set
the requires_preauth flag on any existing principals.
John
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
