[OpenAFS] Authentication without aklog
Fri, 01 Aug 2014 15:15:26 +0100
chas williams - CONTRACTOR <firstname.lastname@example.org> wrote:
> Not impossible for Linux. I believe that the Linux keyring code
> allows for down calls from the kernel to user space in order to ask
> something to insert the appropriate keys (see keys-request-key.txt in
> the Linux kernel).
Yes. request_key() will call out to userspace to instantiate a key it doesn't
have yet, passing the caller's keyrings over so that the TGT can be retrieved.