porting CCAPI to UNIX
Nicolas.Williams at sun.com
Tue May 8 14:40:00 EDT 2007
On Tue, May 08, 2007 at 01:09:39PM -0400, Ken Hornstein wrote:
> >You could use PAGs where available. On Solaris task IDs come closest.
> I don't see how that would work. How would I store Kerberos credentials
> inside of a PAG? (Given my client base I can't assume AFS is available).
Associate the credential cache with the PAG, the way AFS does.
> I had not known about task IDs ... but I am not sure that helps me. It's
> not that I need a per-session identifier ... I need a per-login session IPC
> mechanism or a per-login session storage mechanism. E.g., if Solaris
> doors could be restricted to only processes within a certain task, that
> would work.
Why do you need to restrict the daemon to clients in the same session?
I would think that the main constraint is that clients in one session
must contact the same daemon. If task IDs were included in the ucred
(see ucred_get(3C) and door_ucred(3DOOR)) then you could certainly
implement the constraint you want, but I don't see why you need that.
More information about the krbdev