Does Heimdal reject requests for expired/disabled accounts as well? --------------------------------------------------------------------------- Jason Edgecombe | Linux and Solaris Administrator UNC Charlotte | The William States Lee College of Engineering 9201 University City Blvd. | Charlotte, NC 28223-0001 Phone: 704-687-1943 jwedg...@uncc.edu | http://engr.uncc.edu | Facebook --------------------------------------------------------------------------- If you are not the intended recipient of this transmission or a person responsible for delivering it to the intended recipient, any disclosure, copying, distribution, or other use of any of the information in this transmission is strictly prohibited. If you have received this transmission in error, please notify me immediately by reply e-mail or by telephone at 704-687-1943. Thank you.
-----Original Message----- From: Nico Williams [mailto:n...@cryptonector.com] Sent: Thursday, March 06, 2014 12:30 PM To: Edgecombe, Jason Cc: kerberos@mit.edu Subject: Re: Request to change MIT Kerberos behavior when principal is expired, deleted or password changed FWIW, Heimdal's TGS already does reject requests for clients whose principals should exist int he local HDB but don't. (Obviously this can only be done when the client's realm is also a realm for which the KDC has a database.) Nico -- ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos