Keytab-based initiator creds design
Dmitri Pal
dpal at redhat.com
Fri Jun 8 10:10:18 EDT 2012
On 06/07/2012 07:28 PM, Nico Williams wrote:
> On Thu, Jun 7, 2012 at 6:22 PM, Russ Allbery <rra at stanford.edu> wrote:
>> The more I think about it, though, the more I think you're on the right
>> track with not worrying about per-session ticket caches for the average
>> user login since you've ensured that the cache doesn't go away until all
>> sessions have gone away.
> +1. Key words: average user.
> _______________________________________________
> krbdev mailing list krbdev at mit.edu
> https://mailman.mit.edu/mailman/listinfo/krbdev
>
>
Yes the assumption is that the really long connections are more a part
of the infrastructure connections than real physical user connections.
Those are handled differently and come up as a part of some sort
solution. When the solution is being built by the people who know what
they are doing (not an average user) it can employ all sorts of advanced
methods you are talking about.
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IPA project,
Red Hat Inc.
-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
More information about the krbdev
mailing list