ccache using linux Keyrings
Wachdorf, Daniel R
drwachd at sandia.gov
Wed Apr 12 13:27:07 EDT 2006
It might be desirable that an application (or the kernel) which did not
have access to the ENV search the keyrings in order of presence (thread
-> session) (ie GSSD). If I went through the trouble of creating a
thread specific keyring - I want that one used.
This would be different from the "default" credentials cache used
Kerberos credentials cache libs - which I agree should be session.
-----Original Message-----
From: krbdev-bounces at mit.edu [mailto:krbdev-bounces at mit.edu] On Behalf
Of Sam Hartman
Sent: Wednesday, April 12, 2006 11:18 AM
To: Kevin Coffman
Cc: Andy Adamson; Machin, Glenn D; krbdev at mit.edu
Subject: Re: ccache using linux Keyrings
>>>>> "Kevin" == Kevin Coffman <kwc at citi.umich.edu> writes:
Kevin> You can find the code Dan is talking about at:
Kevin> http://www.citi.umich.edu/projects/nfsv4/linux/keyring/
Kevin> I think that having three alias ccache types such as
Kevin> KRTHREAD:, KRPROCESS:, and KRSESSION is another possible
Kevin> way of expressing which keyring to associate the
Kevin> credentials.
Or keyring:thread:, etc. I think that keyring: should default to the
session keyring.
I do believe it is a requirement that fyou be able to fully specify
the ccache with the argument to krb5_cc_resolv so you do need to be
able to specify which ccache within a keyring.
--Sam
_______________________________________________
krbdev mailing list krbdev at mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
More information about the krbdev
mailing list