AFAIK no. Most are obvious-ish: disallow all, the client and server ones. The
hardware preauth one is just a placeholder for unimplemented functionality. JPL
never made much use of them.
The ok as delegate one could be important for AD interoperability if you do a
HTTP-Negotiate with web servers.
That’s just off the top of my head.
> On Feb 17, 2017, at 3:30 PM, Adam Lewenberg wrote:
>
> I am looking for documentation on the attributes that can be set on a
> principal. The only thing I could find is page 233 of Jason Garman's
> "Kerberos: The Definitive Guide" from 2003.
>
> The kadmin page *lists* the attributes, but is there a man page or Heimdal
> document page that *describes* what each attribute does and how it affects
> the principal?
>
> Thanks, Adam Lewenberg
>
Personal email. hbh...@oxy.edu