Implementaion of KCM funtionality for MIT Kerberos
Jeffrey Hutzelman
jhutz at cmu.edu
Thu Dec 1 22:11:36 EST 2005
On Sunday, November 20, 2005 02:50:42 PM -0500 Sam Hartman
<hartmans at mit.edu> wrote:
> One problem with the kcm approach is that I'm not sure it will work
> well with the linux keyring cache type that umich has been planning to
> donate.
>
>
> I'm not sure how well keyring access would work for a process trying
> to renew credentials that is not running as part of the session
> involved.
I don't think that's actually a problem.
As I understand it, credentials managed by KCM are kept one of multiple
private caches owned by the system-wide daemon, and accessed via a ccache
backend which communications with the daemon via some suitable IPC
mechanism (socket, door, etc).
-- Jeff
More information about the krbdev
mailing list