[krbdev.mit.edu #3035] Feature Request 2c for 1.5 (or whatever)
Ken Raeburn via RT
rt-comment at krbdev.mit.edu
Mon May 2 13:01:22 EDT 2005
On May 2, 2005, at 12:34, "Henry B. Hotz" via RT wrote:
> Ability to create a new cache storage context that won't leak
> permissions to its parent process(es). Getting admin rights in one
> window shouldn't imply those rights for every other window on my screen
> if I don't want it to.
You're basically describing something akin to AFS PAGs.
We're not going to reinvent PAGs, but for systems with similar
capabilities, we can explore using them. I believe someone is already
looking at using the new Linux kernel key-ring stuff for Kerberos
credentials.
Ken
More information about the krb5-bugs
mailing list