[OpenAFS] Unable to prevent KAS from granting tickets to WIndows-Client

Derrick J Brashear shadow@dementia.org
Tue, 27 Apr 2004 11:37:57 -0400 (EDT)

On Tue, 27 Apr 2004, Russ Allbery wrote:

> Derrick J Brashear <shadow@dementia.org> writes:
> > It's been a while, but you should be able to use expires NOW and expires
> > NEVER to lock and unlock accounts; I think this was set with kas setf but
> > I don't remember for sure.
> > NOTGS was probably never implemented for krb4 (as opposed to ka)
> NOTGS in the kaserver works correctly with MIT kinit -4.  We've been using
> it for years to lock accounts.  (Maybe I'm misunderstanding?)

Windows client uses the krb_udp interface, just as kinit -4 would, so I
dunno, then. I'd have to look at code which I suppose I can do, laater.
All the relevant stuff should be in src/kauth/krb_udp.c