Sequence numbering after export and import of context
Nicolas Williams
Nicolas.Williams at sun.com
Mon Oct 6 00:18:36 EDT 2008

On Mon, Oct 06, 2008 at 12:01:16AM -0400, Michael B Allen wrote:
> Personally I think the whole export / import of security contexts is a
> little awkward. Instead of moving the context we just put all IO
> buffers in shared memory and have one process running the muxer loop
> (although the reason for doing this has nothing to do with GSSAPI).

In Solaris secure NFS can deal with mechanisms that don't support
security context import/export, but for mechanisms that don't the price
to pay is an upcall to user-land for every GSS per-message token.

The security context import/export feature definitely has its place.

In the case of the original poster, however, I agree that there is a
better solution. But that mostly follows from the OP's application
design being incompatible with security context import/export, and the
only solution is to change the application design. At least IIUC.

Nico