Project review: GSS credential store extensions

Simo Sorce simo at
Thu Jul 12 15:17:11 EDT 2012

On Thu, 2012-07-12 at 10:11 -0400, Sam Hartman wrote:
> When you say URN/value pair, do you mean URN as in a subset of URIs
> starting with urn:?
> 1) If you do, you probably should say URI instead. Rationale: while URNs
> are often appropriate, there are great reasons for companies using tag
> or http URIs to denote proprietary extensions.
> 2) If you don't mean URN, please don't use that abbreviation. Your
> example ("ccache") is not a valid URN.
> It would be valuable if the specific URNs that the krb5 mechanism
> supports were documented.
> Is this intended to replace gss_acquire_cred_with_password? I.E. can I
> "get" a credential from a password, or a password and smart card, or a
> PIN and smart card? I'm not asking whether you plan to implement that so
> much as whether that usage is compatible with this architecture.

No in my view this is not intended to replace


Simo Sorce * Red Hat, Inc * New York

More information about the krbdev mailing list