Feature Requests for 1.5 (or whatever)

Henry B. Hotz hotz at jpl.nasa.gov
Wed Feb 23 17:37:26 EST 2005

On Feb 23, 2005, at 11:16 AM, Ken Raeburn wrote:

> On Feb 23, 2005, at 11:45, Henry B. Hotz wrote:
>> 1a) Provide a way to import Kerberos databases from non-MIT sources.
>> 1b)  Provide a way to import specific Kerberos principals/keys from  
>> non-MIT sources.
> Would be nice to have, yes....

I'd think/hope that at least 1b) was fairly easy.

>> 2)  Provide a better credentials cache storage mechanism, more like  

[assorted intelligent comments elided]

I was careful to say "more like PAG", not "same as PAG", and I don't  
think I'm minimizing the problems.  I agree that adding hooks into the  
kernel is something to be avoided.  Since what I really want is  
infeasible all I can ask is for something better than the current  

But I see I'm really asking for several different things:

2a) Cache storage that goes away if you shut the machine down (or crash  

2b) Cache storage that is confined to a "login session" or something  
like it.  It should be "really hard" for my ssh session from home to  
interfere with the console session I left running when I went home.   
(Just changing an environment variable does not qualify as "really  
hard".  ;-)

2c) Ability to create a new cache storage context that won't leak  
permissions to its parent process(es).  Getting admin rights in one  
window shouldn't imply those rights for every other window on my screen  
if I don't want it to.
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz at jpl.nasa.gov, or hbhotz at oxy.edu

More information about the krbdev mailing list