porting CCAPI to UNIX

Sam Hartman hartmans at MIT.EDU
Thu May 10 22:04:58 EDT 2007

>>>>> "Nicolas" == Nicolas Williams <Nicolas.Williams at sun.com> writes:

    Nicolas> On Wed, May 09, 2007 at 02:32:27PM -0400, Ken Hornstein
    Nicolas> (Contractor) wrote:
    >> >I would not call it crazy, it looks interesting. But how could
    >> you >formalize the method, so that other applications could use
    >> the same >method.
    >> I'm not sure I'd want to formalize this particular scheme.
    >> What I would want is vendors to provide a mechanism we can use
    >> to build a credential storage system that provides the same
    >> semantics.

    Nicolas> In particular I get the impression that Ken needs
    Nicolas> something stronger than Linux keyrings and AFS PAGs have
    Nicolas> tended to provide: cross-session process isolation.

I think linux keyring provides this.  I'm not sure our implementation
uses it in a manner that Ken can take advantage of.  If my guess is
correct we should fix that so he can take advantage.

More information about the krbdev mailing list