On Mon, 4 Feb 2002, Nicolas Williams wrote: > On Mon, Feb 04, 2002 at 08:12:20PM +0000, Paul Jakma wrote: > > and thanks everyone for setting straight re: the idea of ticket ACL's. > > :) > > Actually, I think that it would be a good thing if there were an > authorization data type for packing ticket ACLs (i.e., princ name > patterns) into forwarded TGTs. The idea being that you could forward a > TGT that is crippled and allows the receiver of it to get tickets in > your name to only a few services.
- I believe this is a "proxiable ticket". As far as I know these exist only in theory, I have yet to find an application that uses them. - Booker c. Bense
