login process pairing
fcusack at fcusack.com
Wed Jun 4 15:59:00 EDT 2003
On Wed, Jun 04, 2003 at 12:07:22PM -0400, Sam Hartman wrote:
> >>>>> "Frank" == Frank Cusack <fcusack at fcusack.com> writes:
> Frank> How will you know if it's the last session? You *could*
> Frank> have a per-session ccache, but that's not friendly. What
> Frank> if I open a dozen ssh's and work in a few of them? I don't
> Frank> want to later go back to a different window and find that I
> Frank> have to kinit.
> You have a per-session cache. That is what we've done for years.
Sure, but then you can't renew forwarded credentials across all sessions,
at least not easily.
Any system where I can trust that I can forward a credential should
be trustworthy enough that I can leave a ccache behind. Ideally, you'd
remove it, but in practice I think it's difficult to tell when the last
session has closed.
How does AFS do this?