Service Ticket Questions
Ken Hornstein
kenh at cmf.nrl.navy.mil
Tue Mar 14 17:10:16 EST 2006
>Hank wants to be able to implement aklog such that if the token cannot
>be created even though the afs service ticket was obtained, that the
>afs service ticket be deleted from the ccache. Hank is concerned that
>users who see the afs service ticket in the ccache will believe that
>they have obtained afs tokens.
Personally ... this seems like a minor corner case to me. I mean,
aklog _is_ displaying an error message, right? Assuming you are using
a V5 ticket directly, the failure mode at that point is some problem
with the cache manager. But if it's a real issue to you, I think your
easiest thing would be to load the service ticket into a memory cache,
then copy it to the destination cache. Doing this right and getting
all of the corner cases will be a pain, though.
--Ken
More information about the krbdev
mailing list