porting CCAPI to UNIX

Sam Hartman hartmans at MIT.EDU
Thu May 10 22:04:58 EDT 2007


>>>>> "Nicolas" == Nicolas Williams <Nicolas.Williams at sun.com> writes:

    Nicolas> On Wed, May 09, 2007 at 02:32:27PM -0400, Ken Hornstein
    Nicolas> (Contractor) wrote:
    >> >I would not call it crazy, it looks interesting. But how could
    >> >you formalize the method, so that other applications could use
    >> >the same method.
    >> 
    >> I'm not sure I'd want to formalize this particular scheme.
    >> What I would want is vendors to provide a mechanism we can use
    >> to build a credential storage system that provides the same
    >> semantics.

    Nicolas> In particular I get the impression that Ken needs
    Nicolas> something stronger than Linux keyrings and AFS PAGs have
    Nicolas> tended to provide: cross-session process isolation.


I think Linux keyring provides this.  I'm not sure our implementation
uses it in a manner that Ken can take advantage of.  If my guess is
correct we should fix that so he can take advantage.



