porting CCAPI to UNIX

Ken Hornstein kenh at cmf.nrl.navy.mil
Tue May 8 22:34:18 EDT 2007

>Does any other: application, system lib, SSHD, PAM module whatever...
>use this same trick? Why should CACAPI be allowed to use this? If it
>does work, how would CCAPI tell its socket from the others?

I think you misunderstood me, Doug.  I don't think Ken R. ever proposed
using this wacky trick for CCAPI; I was just describing how my crazy
credential cache works.

Does anyone else use this trick?  In a very limited fashion.  I recall
that some versions of PGP supported a PASSFD (or something similar)
environment variable that contained the number of a file descriptor
that the parent process would use to write a password on.  But it is
very uncommon.

Why SHOULD a credential cache be allowed to use this?  Well, I put
it to you: why SHOULDN'T it?

(I posted in another email how you distinguish the magic descriptor
from others: an environment variable).


More information about the krbdev mailing list