[krbdev.mit.edu #2620] Don't expire contexts when tickets expire
Nicolas Williams via RT
rt-comment at krbdev.mit.edu
Wed Jul 7 00:40:26 EDT 2004
On Tue, Jul 06, 2004 at 01:46:02PM -0400, Sam Hartman via RT wrote:
> >>>>> "Nicolas" == Nicolas Williams via RT <rt-comment at krbdev.mit.edu> writes:
>
> Nicolas> Summary: Find a way to make context non-expiration
> Nicolas> optional. I don't think you will find a way to do so
> Nicolas> safely with the Kerberos V mechanism as it stands
> Nicolas> (rfc1964 and CFX).
>
> On the principle of those who care about a feature should figure out
> how to make it work, I'm interested in hearing suggestions from you on
> how to make this feature be optional. I believe I require that the
> default behavior be non-expiring contexts because I believe that
> creates a more usable experience.
You can't have that default. Deployed GSS applications rely on the
current default behaviour (expiring), thus we can't change it.
> If you don't come up with a good solution it probably will not be
> optional at least in the first cut.
You are proposing the change, not I, thus the onus of working out a
proposal that wouldn't break existing applications is on you.
That said, I won't mind helping to design this extension.
Nico
--
More information about the krb5-bugs
mailing list