Hmm, yeah, I can't get tickets to a service with -allow_tix on it. I'll have to look into why if that's supposed to work, I made a couple modifications to my KDC in this area a while back.
Chris On Mon, Jan 8, 2018 at 20:24 Chris Hecker <chec...@d6.com> wrote: > > Ah, I assumed that was symmetric for some reason. I obviously need to be > able to get tickets for these services. Not sure why I thought that. I'll > check it out, thanks! > > Chris > > > On Mon, Jan 8, 2018 at 20:15 Russ Allbery <ea...@eyrie.org> wrote: > >> Chris Hecker <chec...@d6.com> writes: >> >> > Ah. Is there any way to prevent a service princ from being able to get >> > tickets? >> >> > As in, if one of my service keytabs is compromised, can I prevent those >> > princs from being used like a normal user princ? >> >> I think you want -allow_tix. >> >> -- >> Russ Allbery (ea...@eyrie.org) <http://www.eyrie.org/~eagle/ >> > >> > ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
