Service Ticket Questions
Jeffrey Altman
jaltman at MIT.EDU
Tue Mar 14 17:21:21 EST 2006
Ken Hornstein wrote:
> Personally ... this seems like a minor corner case to me. I mean,
> aklog _is_ displaying an error message, right? Assuming you are using
> a V5 ticket directly, the failure mode at that point is some problem
> with the cache manager. But if it's a real issue to you, I think your
> easiest thing would be to load the service ticket into a memory cache,
> then copy it to the destination cache. Doing this right and getting
> all of the corner cases will be a pain, though.
>
> --Ken
Ken:
I'm not sure whether or not you are aware of the MacOS X KLL
Notification hooks. OpenAFS intends to ship as part of the Tiger
release a plug-in to KLL which will obtain tokens as part of
kinit and the Kerberos Logon dialog. In that case there is not
error message displayed to the end user and the only indication that
something was done by the plug-in is the existence of the service
ticket in the Kerberos ccache.
Unlike on Windows with Leash or NetIDMgr, the Kerberos App on MacOS X
cannot display alternative forms of credentials such as the contents
of the AFS token store.
Jeffrey Altman
More information about the krbdev
mailing list