porting CCAPI to UNIX
Nicolas.Williams at sun.com
Fri May 4 16:03:49 EDT 2007
On Fri, May 04, 2007 at 03:42:41PM -0400, Ken Raeburn wrote:
> So, if inetd is out, are we okay with requiring a process to be
> started as root at system startup?
If only doors were available on all Unix and Linux...
> Unless we go back to the approach of allowing the process to be
> launched directly from the user's process via the library, and deal
> with the SIGCHLD issue, it sounds like the process not being there
> would simply be a fatal error (credential cache can't be created, and
> looking for it gets either not-found or internal-error).
Solaris now has a forkx() that helps a lot with the SIGCHLD issue, but
it's not portable.
OTOH, if OpenSSH has ssh-agent why should MIT krb5 not have krb5-agent?
Of course, if the OS can start a master krb5-agent to fork off per-user
ones, then so much the better.
More information about the krbdev