>>>>> "Paul" == Paul Jakma <[EMAIL PROTECTED]> writes:
Paul> On 21 Jan 2002, Sam Hartman wrote:
>> No, at worst a principal is granted access because a service
>> assuming the KDC does authorization is deployed in a realm
>> where this is not the case. The interop problem happens when
>> someone wants to deploy a service but realizes they cannot do
>> so because it requires authorization features their realm does
>> not support.
Paul> hmm..
>> I am aware of no widely deployed Kerberos applications without
>> authorization support.
Paul> pam_krb5?
The pam_krb5 I use certainly checks .k5login in the account step.
