[OpenAFS] Unable to prevent KAS from granting tickets to
WIndows-Client
Derrick J Brashear
shadow@dementia.org
Tue, 27 Apr 2004 11:37:57 -0400 (EDT)
On Tue, 27 Apr 2004, Russ Allbery wrote:
> Derrick J Brashear <shadow@dementia.org> writes:
>
> > It's been a while, but you should be able to use expires NOW and expires
> > NEVER to lock and unlock accounts; I think this was set with kas setf but
> > I don't remember for sure.
>
> > NOTGS was probably never implemented for krb4 (as opposed to ka)
>
> NOTGS in the kaserver works correctly with MIT kinit -4. We've been using
> it for years to lock accounts. (Maybe I'm misunderstanding?)
Windows client uses the krb_udp interface, just as kinit -4 would, so I
dunno, then. I'd have to look at code which I suppose I can do, laater.
All the relevant stuff should be in src/kauth/krb_udp.c