porting CCAPI to UNIX

Douglas E. Engert deengert at anl.gov
Wed May 9 10:11:33 EDT 2007

I would not call it crazy, it looks interesting. But how could you
formalize the method, so that other applications could use the same

Ken Hornstein wrote:
>> Does any other: application, system lib, SSHD, PAM module whatever...
>> use this same trick? Why should CACAPI be allowed to use this? If it
>> does work, how would CCAPI tell its socket from the others?
> I think you misunderstood me, Doug.  I don't think Ken R. ever proposed
> using this wacky trick for CCAPI; I was just describing how my crazy
> credential cache works.
> Does anyone else use this trick?  In a very limited fashion.  I recall
> that some versions of PGP supported a PASSFD (or something similar)
> environment variable that contained the number of a file descriptor
> that the parent process would use to write a password on.  But it is
> very uncommon.
> Why SHOULD a credential cache be allowed to use this?  Well, I put
> it to you: why SHOULDN'T it?

It could, just needs a way to make it more formal.

> (I posted in another email how you distinguish the magic descriptor
> from others: an environment variable).

Any way to do this without an env variable? But an env gives the user
some control.

> --Ken
> _______________________________________________
> krbdev mailing list             krbdev at mit.edu
> https://mailman.mit.edu/mailman/listinfo/krbdev


  Douglas E. Engert  <DEEngert at anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444

More information about the krbdev mailing list