Feature Requests for 1.5 (or whatever)
Ken Hornstein
kenh at cmf.nrl.navy.mil
Wed Feb 23 17:51:37 EST 2005
>2a) Cache storage that goes away if you shut the machine down (or crash
>it).
>
>2b) Cache storage that is confined to a "login session" or something
>like it. It should be "really hard" for my ssh session from home to
>interfere with the console session I left running when I went home.
>(Just changing an environment variable does not qualify as "really
>hard". ;-)
>
>2c) Ability to create a new cache storage context that won't leak
>permissions to its parent process(es). Getting admin rights in one
>window shouldn't imply those rights for every other window on my screen
>if I don't want it to.
I developed something that actually meets all of these requirements,
although it has other problems. The obvious solution is to talk to
some daemon that stores the credentials for you (this is what MIT's
CCAPI does, for example).
The real problem you will quickly run into is that you need some sort of
IPC mechanism that has the inheritance requirements that you need. If
you want something _portable_, then you're going to have a tough problem.
The two CCAPI implementations currently use OS-specific IPC mechanisms
to solve this problem. I choose something reasonably portable, but
like I said, it has "other problems". But we've deployed it, and it
seems to work.
--Ken
More information about the krbdev
mailing list