Integration of k5start/krenew functionality

Jeffrey Hutzelman jhutz at
Tue Aug 4 19:51:18 EDT 2009

--On Tuesday, August 04, 2009 01:04:13 PM -0400 Sam Hartman 
<hartmans at> wrote:

> 5) Plugins are good.  AFS, Linux keyring management (establisg a session
> keyring), etc all could use plugins.  Depending on things like pagsh is
> administrator-hostile.

What do you think of the argument that "complex" credential management, 
such as automatically maintaining AFS credentials and setting up a new PAG, 
keyring, SSH agent, etc. should be left entirely to external tools such as 
kstart and not distributed with Kerberos at all?

Do we want a situation where, for example, Kerberos and AFS are aware of 
each other, and if you install both you get something more than the sum of 
the pieces?  Or is the problem better solved by a separate tool which is 
based on public interfaces exported by both?

-- Jeff

More information about the krbdev mailing list