[OpenAFS-devel] Re: [kerberos-discuss] Solaris 10 SSHD, pam_krb5 and xscreensaver handling of renewed/forwarded ticket
Henry B. Hotz
hotz@jpl.nasa.gov
Tue, 13 Nov 2007 18:07:32 -0800
On Nov 8, 2007, at 8:30 AM, Douglas E. Engert wrote:
> Thanks for the response, and so some of my comments below.
I'll second Doug's concerns:
1) Should save the new tgt even if the old one isn't expired. I
expect ancillary service tickets to be erased and for applications
that need them to be smart enough to reacquire them if needed. (AFS
usually isn't, but it has a separate credential store so it's service
ticket usually isn't erased either. Wish it did auto-acquire, but
that's another subject.)
2) Ticket stores should be per-session.
------------------------------------------------------------------------
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu