porting CCAPI to UNIX
Ken Hornstein
kenh at cmf.nrl.navy.mil
Tue May 8 22:34:18 EDT 2007
>Does any other: application, system lib, SSHD, PAM module whatever...
>use this same trick? Why should CACAPI be allowed to use this? If it
>does work, how would CCAPI tell its socket from the others?
I think you misunderstood me, Doug. I don't think Ken R. ever proposed
using this wacky trick for CCAPI; I was just describing how my crazy
credential cache works.
Does anyone else use this trick? In a very limited fashion. I recall
that some versions of PGP supported a PASSFD (or something similar)
environment variable that contained the number of a file descriptor
that the parent process would use to write a password on. But it is
very uncommon.
Why SHOULD a credential cache be allowed to use this? Well, I put
it to you: why SHOULDN'T it?
(I posted in another email how you distinguish the magic descriptor
from others: an environment variable).
--Ken
More information about the krbdev
mailing list