On 8/15/19 10:01 AM, Charles Hedrick wrote:
> I can actually do the combination of MIT libkrb5 and Heimdal KCM. I’m
> assuming that the Mac has a normal Heimdal KCM.

It appears they differ in this regard. The kcm_access() function determines which clients see which caches, and the implementations are totally different in the upstream and Apple-customized Heimdal versions. The two versions can be seen here:

https://opensource.apple.com/source/Heimdal/Heimdal-520.220.2/kcm/acl.c.auto.html
https://github.com/heimdal/heimdal/blob/master/kcm/acl.c#L38

Apple's version only allows root to see "system" and root-owned caches, while upstream Heimdal's allows it to see everything.

________________________________________________
Kerberos mailing list
Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos