Integration of k5start/krenew functionality
Jeffrey Hutzelman
jhutz at cmu.edu
Tue Aug 4 19:51:18 EDT 2009
--On Tuesday, August 04, 2009 01:04:13 PM -0400 Sam Hartman
<hartmans at mit.edu> wrote:
> 5) Plugins are good. AFS, Linux keyring management (establisg a session
> keyring), etc all could use plugins. Depending on things like pagsh is
> administrator-hostile.
What do you think of the argument that "complex" credential management,
such as automatically maintaining AFS credentials and setting up a new PAG,
keyring, SSH agent, etc. should be left entirely to external tools such as
kstart and not distributed with Kerberos at all?
Do we want a situation where, for example, Kerberos and AFS are aware of
each other, and if you install both you get something more than the sum of
the pieces? Or is the problem better solved by a separate tool which is
based on public interfaces exported by both?
-- Jeff
More information about the krbdev
mailing list