Project review: GSS credential store extensions

Sam Hartman hartmans at MIT.EDU
Thu Jul 12 10:11:02 EDT 2012

When you say URN/value pair, do you mean URN as in a subset of URIs
starting with urn:?

1) If you do, you probably should say URI instead. Rationale: while URNs
are often appropriate, there are great reasons for companies using tag
or http URIs to denote proprietary extensions.

2) If you don't mean URN, please don't use that abbreviation. Your
example ("ccache") is not a valid URN.

It would be valuable if the specific URNs that the krb5 mechanism
supports were documented.

Is this intended to replace gss_acquire_cred_with_password? I.e., can I
"get" a credential from a password, or a password and smart card, or a
PIN and smart card? I'm not asking whether you plan to implement that so
much as whether that usage is compatible with this architecture.

