kadmin: Add auth-data-reqd attribute

committed by
Nico Williams

parent
f126ea6d62
commit
cfd798faaf
@@ -473,25 +473,49 @@ The only policy supported by Heimdal is
|
|||||||
If a krb5 config file is given, it will be saved in the entry.
|
If a krb5 config file is given, it will be saved in the entry.
|
||||||
.Pp
|
.Pp
|
||||||
Possible attributes are:
|
Possible attributes are:
|
||||||
.Li new-princ ,
|
.Bl -tag -width Ds
|
||||||
.Li support-desmd5 ,
|
.It new-princ
|
||||||
.Li pwchange-service ,
|
not used
|
||||||
.Li disallow-client ,
|
.It support-desmd5
|
||||||
.Li disallow-svr ,
|
not used
|
||||||
.Li requires-pw-change ,
|
.It pwchange-service
|
||||||
.Li requires-hw-auth ,
|
for kadmin/admin style service principals
|
||||||
.Li requires-pre-auth ,
|
.It requires-pw-change
|
||||||
.Li allow-digest ,
|
force the user to change their password
|
||||||
.Li trusted-for-delegation ,
|
.It requires-hw-auth
|
||||||
.Li ok-as-delegate ,
|
.It requires-pre-auth
|
||||||
.Li disallow-all-tix ,
|
.It allow-digest
|
||||||
.Li disallow-dup-skey ,
|
allow NTLM for this user in the KDC's digest service
|
||||||
.Li disallow-proxiable ,
|
.It trusted-for-delegation
|
||||||
.Li disallow-renewable ,
|
.It ok-as-delegate
|
||||||
.Li disallow-tgt-based ,
|
allow forwarding of tickets to this service principal
|
||||||
.Li disallow-forwardable ,
|
.It disallow-client
|
||||||
.Li disallow-postdated ,
|
disallow issuance of tickets for this principal as a client
|
||||||
.Li no-auth-data-reqd
|
.It disallow-svr
|
||||||
|
disallow issuance of tickets for this principal as a server
|
||||||
|
.It disallow-all-tix
|
||||||
|
disallow issuance of tickets for this principal as a client or
|
||||||
|
server
|
||||||
|
.It disallow-dup-skey
|
||||||
|
not used
|
||||||
|
.It disallow-proxiable
|
||||||
|
disallow proxiable tickets
|
||||||
|
.It disallow-renewable ,
|
||||||
|
disallow reneable tickets
|
||||||
|
.It disallow-tgt-based ,
|
||||||
|
require initial tickets for this service, such as password
|
||||||
|
changing services
|
||||||
|
.It disallow-forwardable
|
||||||
|
disallow forwardable tickets
|
||||||
|
.It disallow-postdated
|
||||||
|
disallow postdated tickets
|
||||||
|
.It no-auth-data-reqd
|
||||||
|
do not include a PAC in tickets issued to this service
|
||||||
|
.It auth-data-reqd
|
||||||
|
do include a PAC in tickets issued to this service even if the
|
||||||
|
.Li disable_pac
|
||||||
|
KDC configuration parameter is set to true
|
||||||
|
.El
|
||||||
.Pp
|
.Pp
|
||||||
Attributes may be negated with a "-", e.g.,
|
Attributes may be negated with a "-", e.g.,
|
||||||
.Pp
|
.Pp
|
||||||
|
@@ -47,6 +47,7 @@ get_response(const char *prompt, const char *def, char *buf, size_t len);
|
|||||||
*/
|
*/
|
||||||
|
|
||||||
struct units kdb_attrs[] = {
|
struct units kdb_attrs[] = {
|
||||||
|
{ "auth-data-reqd", KRB5_KDB_AUTH_DATA_REQUIRED },
|
||||||
{ "no-auth-data-reqd", KRB5_KDB_NO_AUTH_DATA_REQUIRED },
|
{ "no-auth-data-reqd", KRB5_KDB_NO_AUTH_DATA_REQUIRED },
|
||||||
{ "disallow-client", KRB5_KDB_DISALLOW_CLIENT },
|
{ "disallow-client", KRB5_KDB_DISALLOW_CLIENT },
|
||||||
{ "virtual", KRB5_KDB_VIRTUAL },
|
{ "virtual", KRB5_KDB_VIRTUAL },
|
||||||
|
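Review bot: The new `{ "auth-data-reqd", KRB5_KDB_AUTH_DATA_REQUIRED }` entry in `kdb_attrs[]` sits directly above `no-auth-data-reqd`, and nothing in this table stops both flags from being set on the same principal. The two flags give opposite answers on whether a PAC is issued to the service, so which one wins should be stated explicitly. The code that interprets these bits is outside this hunk, so it may already define an order. I would add a comment above the pair, e.g. `/* auth-data-reqd and no-auth-data-reqd contradict each other; document which one wins */`, and consider having the attribute-setting path warn on or reject the combination. The manual text added in the same commit describes each flag but does not say what happens when both are present.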