porting CCAPI to UNIX
raeburn at MIT.EDU
Wed May 9 15:25:30 EDT 2007
On May 9, 2007, at 14:55, Nicolas Williams wrote:
> In particular I get the impression that Ken needs something stronger
> than Linux keyrings and AFS PAGs have tended to provide: cross-session
> process isolation.
Unless someone's going to implement cross-session ptrace restrictions
and the like, there's little point in trying to do enforced
isolation. However, having each login session be able to use
different credentials while talking to the service is necessary, even
if it requires having the login process set different KRB5CCNAME
values for each session as now.
More information about the krbdev