porting CCAPI to UNIX

Nicolas Williams Nicolas.Williams at sun.com
Tue May 8 14:40:00 EDT 2007


On Tue, May 08, 2007 at 01:09:39PM -0400, Ken Hornstein wrote:
> >You could use PAGs where available.  On Solaris task IDs come closest.
> 
> I don't see how that would work.  How would I store Kerberos credentials
> inside of a PAG?  (Given my client base I can't assume AFS is available).

Associate the credential cache with the PAG, the way AFS does.

> I had not known about task IDs ... but I am not sure that helps me.  It's
> not that I need a per-session identifier ... I need a per-login session IPC
> mechanism or a per-login session storage mechanism.  E.g., if Solaris
> doors could be restricted to only processes within a certain task, that
> would work.

Why do you need to restrict the daemon to clients in the same session?
I would think that the main constraint is that clients in one session
must contact the same daemon.  If task IDs were included in the ucred
(see ucred_get(3C) and door_ucred(3DOOR)) then you could certainly
implement the constraint you want, but I don't see why you need that.


