diff options
| author | Greg Hudson <ghudson@mit.edu> | 2009-04-27 15:42:23 +0000 |
|---|---|---|
| committer | Greg Hudson <ghudson@mit.edu> | 2009-04-27 15:42:23 +0000 |
| commit | 55d0fcac60b575123e997abf583bc8cd501e8fae (patch) | |
| tree | 5eb4556fcffe50316aa9c74e12a0b9a8a3ec205b /src/kadmin/cli/kadmin.M | |
| parent | 10c0b36c72eb2b38811494c4fa2adbc734b66237 (diff) | |
| download | krb5-55d0fcac60b575123e997abf583bc8cd501e8fae.tar.gz krb5-55d0fcac60b575123e997abf583bc8cd501e8fae.tar.xz krb5-55d0fcac60b575123e997abf583bc8cd501e8fae.zip | |
Move KRB5_KDB_OK_AS_DELEGATE from kdb_ext.h to kdb.h. Add kadmin
support for the flag. In the KDC, remove the restriction on returning
the flag on cross-realm TGTs since there is now a defined meaning for
that (it allows ok-as-delegate to be honored on the foreign realm's
service tickets).
ticket: 5596
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22281 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/kadmin/cli/kadmin.M')
| -rw-r--r-- | src/kadmin/cli/kadmin.M | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/src/kadmin/cli/kadmin.M b/src/kadmin/cli/kadmin.M index 165bf0c73..22c096de5 100644 --- a/src/kadmin/cli/kadmin.M +++ b/src/kadmin/cli/kadmin.M @@ -341,6 +341,16 @@ flag.) .B -requires_hwauth clears this flag. .TP +{\fB\-\fP|\fB+\fP}\fBok_as_delegate\fP +.B +ok_as_delegate +sets the OK-AS-DELEGATE flag on tickets issued for use with this principal +as the service, which clients may use as a hint that credentials can and +should be delegated when authenticating to the service. (Sets the +.SM KRB5_KDB_OK_AS_DELEGATE +flag.) +.B -ok_as_delegate +clears this flag. +.TP {\fB\-\fP|\fB+\fP}\fBallow_svr\fP .B -allow_svr prohibits the issuance of service tickets for this principal. (Sets the |