>>>>> "Paul" == Paul Jakma <[EMAIL PROTECTED]> writes:
Paul> On 21 Jan 2002, Sam Hartman wrote: >> No, at worst a principal is granted access because a service >> assuming the KDC does authorization is deployed in a realm >> where this is not the case. The interop problem happens when >> someone wants to deploy a service but realizes they cannot do >> so because it requires authorization features their realm does >> not support. Paul> hmm.. >> I am aware of no widely deployed Kerberos applications without >> authorization support. Paul> pam_krb5? The pam_krb5 I use certainly checks .k5login in the account step.