Re: krbTicketFlags=0 or absent

2016-12-06 Thread Greg Hudson
On 12/06/2016 11:24 AM, Michael Ströder wrote:
> What's the default for LDAP attribute 'krbTicketFlags' if absent?

It appears to be 0 (via KRB5_KDB_DEF_FLAGS).

> Or the other way:
> If user input of ticket flags in an admin UI would result in no ticket flags set
> at all (integer 0) should the

Re: next Kerberos ops/admin teleconference December 6

2016-12-06 Thread Tom Yu
Meeting password: 39DFZpD6 Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos

krbTicketFlags=0 or absent

2016-12-06 Thread Michael Ströder
Hi! What's the default for LDAP attribute 'krbTicketFlags' if absent? Or the other way: If user input of ticket flags in an admin UI would result in no ticket flags set at all (integer 0) should the attribute value be set to "0" or removed? Ciao, Michael.

Re: Kerberos "overlay" in mixed OS environment

2016-12-06 Thread Simo Sorce
Although with Linux you can manually list all the machines in one realm and all the machines in the other and have your clients/kdc try to cope, you can't really do that easily on the Windows side. AD KDCs assume that they control all names in a DNS domain, so they will not cooperate if some of the

Re: Kerberos "overlay" in mixed OS environment

2016-12-06 Thread Andrew Holway
If you are on Linux, *I think* this is functionality that sssd does out of the box, although I've never tested it. https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/Configuring_Domains.html On 5 December 2016 at 19:15, Nordgren, Bryce L -FS wrote: > The