Thoughts on long-lived credentials
Kevin Coffman
kwc at citi.umich.edu
Thu Jan 19 12:36:21 EST 2006
On 1/19/06, Luke Howard <lukeh at padl.com> wrote:
>
> What are the current thoughts on automatically renewing Kerberos credentials
> for long-lived sessions, particularly with respect to NFSv4 (where the user
> experience could be adversely affected)?
>
> It seems that Solaris has kwarnd, which can both warn users of impending
> ticket expiry as well as renewing tickets. Are there any plans to do
> something similar for Linux? (I know about KCM, but we need a solution that
> works with MIT, and preferably one that will work with any ccache type.)
AFAIK, there isn't a solution for Linux yet. This is the first I have
learned about kwarnd.
>
> [snip]
>
> cheers,
>
> -- Luke
>
> P.S. Anyone have any idea on the status of a Linux keyring ccache type? I
> would be interested in working on this if no one else is.
I have some ccache code that had an issue with locating the correct
keyring. It used an environment variable as a temporary solution.
This may not be an issue any longer, but I haven't been able to devote
time to it. I plan to be able to do that in the next week or so. If
you'd like to look at what I have and make suggestions or
improvements, I'd welcome that.
K.C.
More information about the Kerberos
mailing list