porting CCAPI to UNIX

Ken Raeburn raeburn at MIT.EDU
Wed May 9 15:25:30 EDT 2007

On May 9, 2007, at 14:55, Nicolas Williams wrote:
> In particular I get the impression that Ken needs something stronger
> than Linux keyrings and AFS PAGs have tended to provide: cross-session
> process isolation.

Unless someone's going to implement cross-session ptrace restrictions  
and the like, there's little point in trying to do enforced  
isolation.  However, having each login session be able to use  
different credentials while talking to the service is necessary, even  
if it requires having the login process set different KRB5CCNAME  
values for each session as now.


More information about the krbdev mailing list