login process pairing

Frank Cusack fcusack at fcusack.com
Wed Jun 4 15:59:00 EDT 2003


On Wed, Jun 04, 2003 at 12:07:22PM -0400, Sam Hartman wrote:
> >>>>> "Frank" == Frank Cusack <fcusack at fcusack.com> writes:
> 
>     Frank> How will you know if it's the last session?  You *could*
>     Frank> have a per-session ccache, but that's not friendly.  What
>     Frank> if I open a dozen ssh's and work in a few of them.  I don't
>     Frank> want to later go back to a different window and find that I
>     Frank> have to kinit.
> 
> You have a per-session cache.  That is what we've done for years.

Sure, but then you can't renew forwarded credentials across all sessions,
at least not easily.

Any system where I can trust that I can forward a credential should
be trustworthy enough that I can leave a ccache behind.  Ideally, you'd
remove it, but in practice I think it's difficult to tell when the last
session has closed.

How does AFS do this?

/fc

