[38961] in Kerberos


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: Query regarding S4U2Self protocol extension

daemon@ATHENA.MIT.EDU (Isaac Boukris)
Tue Jul 27 09:39:39 2021

MIME-Version: 1.0
In-Reply-To: <CAC-fF8TY=-5q1V8Vn2XLzqqEw8qD4fC1eVDy7_pjvGyTgG-nFg@mail.gmail.com>
From: Isaac Boukris <iboukris@gmail.com>
Date: Tue, 27 Jul 2021 16:36:23 +0300
Message-ID: <CAC-fF8QucOWFZG5SM-G7-00LyR5+avNmJc9+4r0fFVsb1ZpRWg@mail.gmail.com>
To: Greg Hudson <ghudson@mit.edu>
Cc: Vipul Mehta <vipulmehta.1989@gmail.com>, kerberos <kerberos@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu

Note, for MIT I think we don't need the NonForwardableDelegation flag,
just need to behave as enabled and let the plugin's get_principal()
add 'TrustedToAuthForDelegation' if the list is empty. This could
simplify the KDC code as we don't need to check the PAC's
not-delegated flag, although some tests would need updating.
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[38961] in Kerberos

Re: Query regarding S4U2Self protocol extension

daemon@ATHENA.MIT.EDU (Isaac Boukris)Tue Jul 27 09:39:39 2021

daemon@ATHENA.MIT.EDU (Isaac Boukris)
Tue Jul 27 09:39:39 2021