[krbdev.mit.edu #2620] Don't expire contexts when tickets expire
Sam Hartman via RT
rt-comment at krbdev.mit.edu
Wed Jul 7 13:35:05 EDT 2004
>>>>> "Nicolas" == Nicolas Williams via RT <rt-comment at krbdev.mit.edu> writes:
Nicolas> On Tue, Jul 06, 2004 at 01:46:02PM -0400, Sam Hartman via
Nicolas> RT wrote:
>> >>>>> "Nicolas" == Nicolas Williams via RT
>> <rt-comment at krbdev.mit.edu> writes:
>>
Nicolas> Summary: Find a way to make context non-expiration
Nicolas> optional. I don't think you will find a way to do so
Nicolas> safely with the Kerberos V mechanism as it stands
Nicolas> (rfc1964 and CFX).
>> On the principle of those who care about a feature should
>> figure out how to make it work, I'm interested in hearing
>> suggestions from you on how to make this feature be optional.
>> I believe I require that the default behavior be non-expiring
>> contexts because I believe that creates a more usable
>> experience.
Nicolas> You can't have that default. Deployed GSS applications
Nicolas> rely on the current default behaviour (expiring), thus we
Nicolas> can't change it.
What will it break? Also, even if it does break some things, I think
you need to show that it breaks more than it unbreaks.
--Sam
More information about the krb5-bugs
mailing list