Thoughts on long-lived credentials

Kevin Coffman kwc at citi.umich.edu
Thu Jan 19 12:36:21 EST 2006


On 1/19/06, Luke Howard <lukeh at padl.com> wrote:
>
> What are the current thoughts on automatically renewing Kerberos credentials
> for long-lived sessions, particularly with respect to NFSv4 (where the user
> experience could be adversely affected)?
>
> It seems that Solaris has kwarnd, which can both warn users of impending
> ticket expiry as well as renewing tickets. Are there any plans to do
> something similar for Linux? (I know about KCM, but we need a solution that
> works with MIT, and preferably one that will work with any ccache type.)

AFAIK, there isn't a solution for Linux yet.  This is the first I have
learned about kwarnd.

>
> [snip]
>
> cheers,
>
> -- Luke
>
> P.S. Anyone have any idea on the status of a Linux keyring ccache type? I
> would be interested in working on this if no one else is.

I have some ccache code that had an issue with locating the correct
keyring.  It used an environment variable as a temporary solution. 
This may not be an issue any longer, but I haven't been able to devote
time to it.  I plan to be able to do that in the next week or so.  If
you'd like to look at what I have and make suggestions or
improvements, I'd welcome that.

K.C.




More information about the Kerberos mailing list