[OpenAFS-devel] Re: [kerberos-discuss] Solaris 10 SSHD,
pam_krb5 and xscreensaver handling of renewed/forwarded ticket
will young
will.young@sun.com
Wed, 14 Nov 2007 09:33:13 -0500
Shawn M Emery wrote:
> Henry B. Hotz wrote:
>> On Nov 8, 2007, at 8:30 AM, Douglas E. Engert wrote:
>> 2) Ticket stores should be per-session.
>>
>
> Yes, but I think there should also be a way of acquiring a TGT from
> outside of the session. For example; processes that are long running or
> delayed execution could use credentials acquired from another mechanism,
> such as from password authentication or delegation.
I haven't looked recently but in general there have not been cohesive
sessions to tie processes (and kernel actions) to unless auditing is
enabled.
-Will