On Mon, 2011-12-12 at 15:22 -0500, Rob Crittenden wrote: > This patch adds support for s4u2proxy. This means that the Apache > server > will obtain the ldap service ticket on behalf of the user rather than > the using having to send their TGT. The user's ticket still needs to > be > forwardable, we just don't require it to be forwarded any more.
Should we make the patch allow the old behavior by using a switch that revert to forwarding the TGT ? It would be useful during upgrades if some of your servers still need forwarded TGTs, or if you want to use a newer client against an old server while you have the newer stuff under test. (And to test in general). Simo. -- Simo Sorce * Red Hat, Inc * New York _______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel