Project review: GSS credential store extensions
nico at cryptonector.com
Thu Jul 12 13:02:00 EDT 2012
On Thu, Jul 12, 2012 at 11:59 AM, Sam Hartman <hartmans at mit.edu> wrote:
>>>>>> "Nico" == Nico Williams <nico at cryptonector.com> writes:
> Nico> In Simo's proposal the mechglue/mechanism will never output a cred
> Nico> store, thus there's no memory management problem.
> Consider what happens when the mech glue or a stacked mechanism wants to
> augment the cred store configuration.
> I.E. consider a mech glue that allows an admin to configure parameters
> to pass into a mechanism.
> Or consider how Moonshot might interact with Kerberos.
But I think then the caller is the glue or the stacked mechanism and
it creates a new cred store struct and later frees the bits its
responsible for. That part of Greg's response is good enough, IMO.
More information about the krbdev