[krbdev.mit.edu #3035] Feature Request 2c for 1.5 (or whatever)
"Henry B. Hotz" via RT
rt-comment at krbdev.mit.edu
Mon May 2 13:35:34 EDT 2005
Absolutely I'm describing PAG's.
I'm just trying to specify what characteristics of PAG's I care about.
Don't want to submit a request that says "include the OAFS kernel
module in your distribution so you can store tickets in the kernel
token store". I know you guys would (rightly!) barf on that kind of
request. ;-)
On May 2, 2005, at 10:01 AM, Ken Raeburn via RT wrote:
> On May 2, 2005, at 12:34, "Henry B. Hotz" via RT wrote:
>> Ability to create a new cache storage context that won't leak
>> permissions to its parent process(es). Getting admin rights in one
>> window shouldn't imply those rights for every other window on my
>> screen
>> if I don't want it to.
>
> You're basically describing something akin to AFS PAGs.
> We're not going to reinvent PAGs, but for systems with similar
> capabilities, we can explore using them. I believe someone is already
> looking at using the new Linux kernel key-ring stuff for Kerberos
> credentials.
>
> Ken
------------------------------------------------------------------------
----
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz at jpl.nasa.gov, or hbhotz at oxy.edu
More information about the krb5-bugs
mailing list