Apps acquiring tickets (was Re: gssapi/openssh)

Sam Hartman hartmans at MIT.EDU
Sat May 3 16:51:30 EDT 2003


>>>>> "James" == James F Hranicky <jfh at cise.ufl.edu> writes:

    James> On Wed, 30 Apr 2003 18:25:47 +0100
    James> Simon Wilkinson <sxw at warspite.inf.ed.ac.uk> wrote:

    >> No, it doesn't. Philosophically, I don't think that it's the job
    >> of the client to go out and get credentials, if none
    >> exist. Practically, doing so would require the client to know
    >> about the underlying GSSAPI mechanism, which at present it
    >> doesn't need to.

    James> I understand this sentiment (especially with GSSAPI given
    James> it's a layer that uses Kerberos, but isn't itself Kerberos),
    James> but I think that if the following were true it would be a
    James> boon for the user:


    James> 	1) applications could get a TGT for a given realm
    James> stored in a single common place that other apps could use

They can.

    James> 	2) the ticket cache could contain TGTs for multiple
    James> realms


I think if you want this you need to think through exactly what it
would mean and come up with a concrete proposal that looks at
implementation issues.  If you can do that then please write up your
proposal and send to krbdev at mit.edu.


