[Freeipa-devel] [PATCH] 0049 Restrict anonymous tickets to get only tgts

Rob Crittenden rcritten at redhat.com
Wed Jan 12 21:55:04 UTC 2011


Simo Sorce wrote:
>
> If pkinit is configured, anonymous tickets can be obtained.
> To avoid impacting badly written applications that consider successful
> authentication also implicit authorization, by default restrict
> anonymous tickets to only be able to get TGTs. This is sufficient to
> make FAST work with pkinit but will block any other usage unless the
> admin explicitly decides to allow it by changing the kdc.conf file.
>
> Ticket #432
>
> Simo.

ack



