porting CCAPI to UNIX

Russ Allbery rra at stanford.edu
Wed May 9 16:56:12 EDT 2007

Nicolas Williams <Nicolas.Williams at sun.com> writes:
> On Wed, May 09, 2007 at 12:31:12PM -0700, Russ Allbery wrote:

>> AFS PAGs provide cross-session process isolation (well, not from root,
>> but that's a different matter).  I was actually under the impression
>> that keyrings did as well.

> So processes in one of a user's sessions cannot trace the same user's
> processes in other sessions?

Basically, see Ken's message.  I'm more worried about getting separation
by default and requiring a lot of hoop-jumping to grab keys from another
session.  I don't really care that much about making it completely

Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>

More information about the krbdev mailing list