ccache using linux Keyrings
Nicolas Williams
Nicolas.Williams at sun.com
Thu Apr 13 10:37:47 EDT 2006
On Wed, Apr 12, 2006 at 06:42:31PM -0700, Frank Cusack wrote:
> On April 12, 2006 6:37:25 PM -0700 Frank Cusack <fcusack at fcusack.com> wrote:
> > Sorry for my late entry into this thread, and more importantly, that I
> > haven't read the entire thread (I missed the beginning).
> >
> > What is the *point* of using a kernel keyring?
It's like a PAG.
> eh, I just thought of one, after reviewing some older messages in this
> thread. Can gssd be eliminated?
Probably not. See the "Solaris ssh pam_krb" thread on kerberos at mit.edu
two weeks ago.
You can't avoid some upcalls in general without putting too much
complexity into the kernel. Examples abound. E.g., do you want IKE
exchanges triggered by outgoing packets to be done in-kernel?
Nico
--
More information about the krbdev
mailing list