Service Ticket Questions

Alexandra Ellwood lxs at MIT.EDU
Tue Mar 14 20:30:08 EST 2006

On Mar 14, 2006, at 5:31 PM, Ken Hornstein wrote:

>> I'm not sure whether or not you are aware of the MacOS X KLL
>> Notification hooks.  OpenAFS intends to ship as part of the Tiger
>> release a plug-in to KLL which will obtain tokens as part of
>> kinit and the Kerberos Logon dialog.  In that case there is not
>> error message displayed to the end user and the only indication that
>> something was done by the plug-in is the existence of the service
>> ticket in the Kerberos ccache.
> I was vaguely aware of them, but I haven't really paid attention to
> it since it's non-portable.
> I take it there's no reasonable error reporting mechanism back from  
> the
> KLL library?  (And I assume it's not just "system("aklog")).

The plugin can return an error to the KLL.  If it does then ticket  
acquisition will fail and both the service ticket and TGT will be  

I realize this is undesirable in many cases.  We are planning on  
revving the loginlogout plugin API with the new KLL.  I hope to  
improve the plugin error reporting options at that time.


Alexandra Ellwood <lxs at>
MIT Kerberos Development Team

More information about the krbdev mailing list