[32731] in Kerberos
Re: Forwardable tickets - need help
daemon@ATHENA.MIT.EDU (egrama)
Wed Sep 29 17:09:19 2010
From: egrama <egrama@gmail.com>
Date: Sat, 25 Sep 2010 06:59:35 -0700 (PDT)
Message-ID: <2841d2fd-7a68-4acf-84a6-725263d1d0be@w19g2000yqb.googlegroups.com>
Mime-Version: 1.0
X-Complaints-To: groups-abuse@google.com
Complaints-To: groups-abuse@google.com
To: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Nico, thank you for your help!
We are not using NAT, so I am not concerned about possible trouble
caused by using IP addresses
to control where a ticket can be used from.
I tried playing with the noaddresses option in krb5.conf: if I request
a ticket with address I get one, if I request one without I also get
one.
I would like to restrict this at kdc level so only tickets with
address are issued. Any idea if it can be done and how?
Emil
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
