KfM 4.0b7: a few questions

Ken Hornstein kenh at cmf.nrl.navy.mil
Thu Jan 31 11:28:00 EST 2002


>At 1:13 AM -0500 1/31/02, Ken Hornstein wrote:
>>I have to believe that changing the library _not_ to pop up a dialog
>>box can't be that big of a change, and there are certainly plenty of
>>places to stuff the information to tell the library how to behave.
>
>Ok, so if you remove the ability for the dialog to pop up, how does 
>it ever get displayed? What triggers it?

The user, of course.  They see the error "Kerberos ticket has expired"
and they explicitly run their "Get New Tickets" application.  We've
used something similar for years, and people don't seem to have that
many problems with it.

I'm not saying this is desirable; I'm just saying that this is what
I think the guys at umich wanted.

>New APIs? Ones that any trojan application can call itself?

I'm not sure it's reasonable to try to guard against trojan applications;
I mean, it's not like there's anything _now_ preventing trojan applications
from running wild.  Would doing this make things worse?  I'm not sure.

>And that gets right down to the point, I don't know of any either. 
>There are enough sites with other concrete requests that features for 
>hypothetical situations aren't exactly appealing.

Well, this didn't seem that hypothetical; the guys at umich (please speak
up if I've got it wrong) seemed to have not a "policy", but a preference.
And as I understood it, they didn't want to get rid of dialogs completely,
just ones that weren't explicitly triggered by the user.

--Ken


