Omit signedpath if no_auth_data_required is set

The no_auth_data_required bit was introduced to suppress PACs in service tickets when the back end supports them. Make it also suppress AD-SIGNEDPATH, so that the ~70-byte expansion of the ticket can be avoided for services which aren't going to do constrained delegation. ticket: 7697 (new)
author: Greg Hudson <ghudson@mit.edu> 2013-08-19 20:01:03 -0400
committer: Greg Hudson <ghudson@mit.edu> 2013-08-20 00:25:02 -0400
commit: eaaf406f5ab3224fc262da300476efa21b407bed (patch)
tree: 8efbcc809da665d9c43d33563e19b8066e8ba8e9 /doc/admin/admin_commands
parent: 5e1b506d2988ae2a3bc8fcbaa275bc1e5bd8b630 (diff)
1 files changed, 9 insertions, 0 deletions
diff --git a/doc/admin/admin_commands/kadmin_local.rst b/doc/admin/admin_commands/kadmin_local.rst
index a291b678c2..bcae5d4d26 100644
--- a/doc/admin/admin_commands/kadmin_local.rst
+++ b/doc/admin/admin_commands/kadmin_local.rst
@@ -284,6 +284,15 @@ Options:
     **+password_changing_service** marks this principal as a password
     change service principal.
 
+{-\|+}\ **ok_to_auth_as_delegate**
+    **+ok_to_auth_as_delegate** allows this principal to acquire
+    forwardable tickets to itself from arbitrary users, for use with
+    constrained delegation.
+
+{-\|+}\ **no_auth_data_required**
+    **+no_auth_data_required** prevents PAC or AD-SIGNEDPATH data from
+    being added to service tickets for the principal.
+
 **-randkey**
     Sets the key of the principal to a random value.
author	Greg Hudson <ghudson@mit.edu>	2013-08-19 20:01:03 -0400
committer	Greg Hudson <ghudson@mit.edu>	2013-08-20 00:25:02 -0400
commit	eaaf406f5ab3224fc262da300476efa21b407bed (patch)
tree	8efbcc809da665d9c43d33563e19b8066e8ba8e9 /doc/admin/admin_commands
parent	5e1b506d2988ae2a3bc8fcbaa275bc1e5bd8b630 (diff)