Feature Requests for 1.5 (or whatever)
Henry B. Hotz
hotz at jpl.nasa.gov
Wed Feb 23 17:37:26 EST 2005
On Feb 23, 2005, at 11:16 AM, Ken Raeburn wrote:
> On Feb 23, 2005, at 11:45, Henry B. Hotz wrote:
>
>> 1a) Provide a way to import Kerberos databases from non-MIT sources.
>> 1b) Provide a way to import specific Kerberos principals/keys from
>> non-MIT sources.
>
> Would be nice to have, yes....
I'd think/hope that at least 1b) was fairly easy.
>> 2) Provide a better credentials cache storage mechanism, more like
>> AFS PAG.
[assorted intelligent comments elided]
I was careful to say "more like PAG", not "same as PAG", and I don't
think I'm minimizing the problems. I agree that adding hooks into the
kernel is something to be avoided. Since what I really want is
infeasible all I can ask is for something better than the current
system.
But I see I'm really asking for several different things:
2a) Cache storage that goes away if you shut the machine down (or crash
it).
2b) Cache storage that is confined to a "login session" or something
like it. It should be "really hard" for my ssh session from home to
interfere with the console session I left running when I went home.
(Just changing an environment variable does not qualify as "really
hard". ;-)
2c) Ability to create a new cache storage context that won't leak
permissions to its parent process(es). Getting admin rights in one
window shouldn't imply those rights for every other window on my screen
if I don't want it to.
----------------------------------------------------------------------------
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz at jpl.nasa.gov, or hbhotz at oxy.edu