porting CCAPI to UNIX
Douglas E. Engert
deengert at anl.gov
Wed May 9 10:11:33 EDT 2007
I would not call it crazy, it looks interesting. But how could you
formalize the method, so that other applications could use the same
Ken Hornstein wrote:
>> Does any other: application, system lib, SSHD, PAM module whatever...
>> use this same trick? Why should CACAPI be allowed to use this? If it
>> does work, how would CCAPI tell its socket from the others?
> I think you misunderstood me, Doug. I don't think Ken R. ever proposed
> using this wacky trick for CCAPI; I was just describing how my crazy
> credential cache works.
> Does anyone else use this trick? In a very limited fashion. I recall
> that some versions of PGP supported a PASSFD (or something similar)
> environment variable that contained the number of a file descriptor
> that the parent process would use to write a password on. But it is
> very uncommon.
> Why SHOULD a credential cache be allowed to use this? Well, I put
> it to you: why SHOULDN'T it?
It could, just needs a way to make it more formal.
> (I posted in another email how you distinguish the magic descriptor
> from others: an environment variable).
Any way to do this without an env variable? But an env gives the user
> krbdev mailing list krbdev at mit.edu
Douglas E. Engert <DEEngert at anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
More information about the krbdev