Service Ticket Questions
Alexandra Ellwood
lxs at MIT.EDU
Tue Mar 14 20:30:08 EST 2006
On Mar 14, 2006, at 5:31 PM, Ken Hornstein wrote:
>> I'm not sure whether or not you are aware of the MacOS X KLL
>> Notification hooks. OpenAFS intends to ship as part of the Tiger
>> release a plug-in to KLL which will obtain tokens as part of
>> kinit and the Kerberos Logon dialog. In that case there is not
>> error message displayed to the end user and the only indication that
>> something was done by the plug-in is the existence of the service
>> ticket in the Kerberos ccache.
>
> I was vaguely aware of them, but I haven't really paid attention to
> it since it's non-portable.
>
> I take it there's no reasonable error reporting mechanism back from
> the
> KLL library? (And I assume it's not just "system("aklog")).
The plugin can return an error to the KLL. If it does then ticket
acquisition will fail and both the service ticket and TGT will be
destroyed.
I realize this is undesirable in many cases. We are planning on
revving the loginlogout plugin API with the new KLL. I hope to
improve the plugin error reporting options at that time.
--lxs
Alexandra Ellwood <lxs at mit.edu>
MIT Kerberos Development Team
<http://mit.edu/lxs/www>
More information about the krbdev
mailing list