Implement restrict_anonymous_to_tgt realm flag
author Greg Hudson <ghudson@mit.edu>
Wed, 1 Dec 2010 20:01:46 +0000 (20:01 +0000)
committer Greg Hudson <ghudson@mit.edu>
Wed, 1 Dec 2010 20:01:46 +0000 (20:01 +0000)
commit 9479352bf9c570659ebdc40561ac81a7eb292b08
tree 3a4fc5078619402e8aba1386d2a99f58a207efc2
parent cdd631f3ec5c02f9c2983f459f944577a5a0c3e2
Implement restrict_anonymous_to_tgt realm flag

Implement a new realm flag to reject ticket requests from anonymous
principals to any principal other than the local TGT.  Allows FAST to
be deployed using anonymous tickets as armor in realms where the set
of authenticatable users must be constrained.

ticket: 6829
target_version: 1.9
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24547 dc483132-0cff-0310-8789-dd5450dbe970
doc/admin.texinfo
src/include/adm.h
src/include/k5-int.h
src/kdc/extern.h
src/kdc/kdc_util.c
src/kdc/main.c
src/lib/kadm5/admin.h
src/lib/kadm5/alt_prof.c
src/tests/t_anonpkinit.py
src/util/k5test.py