Implementaion of KCM funtionality for MIT Kerberos

Jeffrey Hutzelman jhutz at
Thu Dec 1 22:11:36 EST 2005

On Sunday, November 20, 2005 02:50:42 PM -0500 Sam Hartman 
<hartmans at> wrote:

> One problem with the kcm approach is that I'm not sure it will work
> well with the linux keyring cache type that umich has been planning to
> donate.
> I'm not sure how well keyring access would work for a process trying
> to renew credentials that is not running as part of the session
> involved.

I don't think that's actually a problem.
As I understand it, credentials managed by KCM are kept one of multiple 
private caches owned by the system-wide daemon, and accessed via a ccache 
backend which communications with the daemon via some suitable IPC 
mechanism (socket, door, etc).

-- Jeff

More information about the krbdev mailing list