Project review: GSS credential store extensions

Nico Williams nico at
Thu Jul 12 12:53:02 EDT 2012

In Simo's proposal the mechglue/mechanism will never output a cred
store, thus there's no memory management problem.

However, I find this short-sighted.  I want to be able to ask "what is
the cred store currently in effect".  I think inquiry functions are
important for observability and debugging if nothing else.  I also
think that such an inquiry function would be truly useful here.  That
we lack consensus for such an inquiry function now is not a reason to
paint ourselves into a memory management corner in the future.


More information about the krbdev mailing list