Kernel subset design issues

Nico Williams nico at
Tue Apr 26 04:39:05 EDT 2011

On Tue, Apr 26, 2011 at 3:19 AM, Sam Hartman <hartmans at> wrote:
>    Nico> I never understood why we need to distinguish between
>    Nico> "exported sec context" and "exported lucid sec context",
>    Nico> except as a way to avoid cleaning up the existing sec context
>    Nico> export/import functions...  Here's your chance to make that
>    Nico> distinction go away.
> At the time we didn't want to standardize our export token format.
> In the lucid structure, the userspace code is responsible for making the
> exported context right for what the kernel supports.
> If we standardize something we'd need to standardize something
> extensible and the kernel would need to skip parts of it.
> Here, note that by standardize I mean write down, not something within
> the IETF.

So you thought that the exported security context token format was
unstable, likely to be unstable, and at that too unstable to
coordinate with the one kernel-mode consumer that existed?

Well, whatever.  It is what it is.  But now is a good chance to
actually change the exported context token format into something that
would do.

