Fedora ticket cache location
Russ Allbery
rra at stanford.edu
Thu Jun 7 17:24:28 EDT 2012
Nico Williams <nico at cryptonector.com> writes:
> On Thu, Jun 7, 2012 at 4:02 PM, Russ Allbery <rra at stanford.edu> wrote:
>> You need to express what semantics you want. I think the AFS semantics
>> of following fork and clone unless you explicitly say otherwise are
>> probably the best default, but there will need to be some way to
>> override it.
> When is inheritance NOT desirable?
Apache, for one obvious example. I may have credentials for the LDAP
client module in Apache, but I don't want those inherited by CGI scripts.
Of course, that basically argues for creating new sessions when spawning
CGI scripts (but that isn't what happens now).
If everything that didn't want inheritance created new sessions, I think
sessions would give me what I want. I'm a bit dubious that we can patch
everything to do that, though.
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
More information about the krbdev
mailing list