porting CCAPI to UNIX

Nicolas Williams Nicolas.Williams at sun.com
Fri May 4 16:03:49 EDT 2007

On Fri, May 04, 2007 at 03:42:41PM -0400, Ken Raeburn wrote:
> So, if inetd is out, are we okay with requiring a process to be  
> started as root at system startup?

If only doors were available on all Unix and Linux...

> Unless we go back to the approach of allowing the process to be  
> launched directly from the user's process via the library, and deal  
> with the SIGCHLD issue, it sounds like the process not being there  
> would simply be a fatal error (credential cache can't be created, and  
> looking for it gets either not-found or internal-error).

Solaris now has a forkx() that helps a lot with the SIGCHLD issue, but
it's not portable.

OTOH, if OpenSSH has ssh-agent why should MIT krb5 not have krb5-agent?

Of course, if the OS can start a master krb5-agent to fork off per-user
ones, then so much the better.


More information about the krbdev mailing list