[krbdev.mit.edu #2620] Don't expire contexts when tickets expire
DEEngert@anl.gov via RT
rt-comment at krbdev.mit.edu
Fri Jul 2 14:52:49 EDT 2004
Nicolas Williams wrote:
>
> On Fri, Jul 02, 2004 at 10:59:30AM -0500, Douglas E. Engert wrote:
> >
> >
> > Sam Hartman via RT wrote:
> > >
> > > we have agreed to a customer requirement that context expiration not
> > > happen when ticket expiration happens.
> > >
> > > The tricky part here is to figure out what gss_inquire_context should
> > > return. I'd really rather make the lifetime advisory but I'm not sure
> > > that is consistent with the spec.
> >
> > It may not be consistent, but it is the pratical thing to do.
> > This should be one of the issues for KITTEN.
>
> I disagree. You both know that. :/
Well the capability needs to be there, its just that GSS does not
know how to do both. A user could do equivelent functions, by using
GSS to securly exchange a private key, that the client and server could use
indefinitlyoutside of GSS. So what can't GSS be used to do the same thing?
>
> Nico
> --
--
Douglas E. Engert <DEEngert at anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
More information about the krb5-bugs
mailing list